National University of

Computer & Emerging Sciences

CS 3001 – COMPUTER NETWORKS

Lecture 6
Chapter 2

5th September, 2024

Nauman Moazzam Hayat

[email protected]
Office Hours: 02:00 pm till 04:30 pm (Every Tuesday & Thursday)
Chapter 2
Application Layer
A note on the use of these PowerPoint slides:
We’re making these slides freely available to all (faculty, students,
readers). They’re in PowerPoint form so you see the animations; and
can add, modify, and delete slides (including this one) and slide
content to suit your needs. They obviously represent a lot of work on
our part. In return for use, we only ask the following:
▪ If you use these slides (e.g., in a class) that you mention their
source (after all, we’d like people to use our book!)
▪ If you post any slides on a www site, that you note that they are
adapted from (or perhaps identical to) our slides, and note our
copyright of this material.
Computer Networking: A
For a revision history, see the slide note for this page.
Top-Down Approach
Thanks and enjoy! JFK/KWR 8th edition n
All material copyright 1996-2023
Jim Kurose, Keith Ross
J.F Kurose and K.W. Ross, All Rights Reserved Pearson, 2020

Application Layer: 2-2

Application layer: overview
▪ P2P applications
▪ Principles of network ▪ video streaming and content
applications distribution networks
▪ Web and HTTP ▪ socket programming with
▪ E-mail, SMTP, IMAP UDP and TCP
▪ The Domain Name System
DNS

Application Layer: 2-3

 HTTP request message
▪ two types of HTTP messages: request, response
▪ HTTP request message:
• ASCII (human-readable format)
carriage return character
line-feed character
request line (GET,
GET /index.html HTTP/1.1\r\n
POST, Host: www-net.cs.umass.edu\r\n
HEAD commands) User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X
10.15; rv:80.0) Gecko/20100101 Firefox/80.0 \r\n
header Accept: text/html,application/xhtml+xml\r\n
lines Accept-Language: en-us,en;q=0.5\r\n
Accept-Encoding: gzip,deflate\r\n
Connection: keep-alive\r\n
\r\n
carriage return, line
feed at start of line
indicates end of header * Check out the online interactive exercises for more
lines examples: http://gaia.cs.umass.edu/kurose_ross/interactive/ Application Layer: 2-4
 Client-to-Server Communication
▪ HTTP Request Message
• Request line: method, resource, and protocol version
• Request headers: provide information or modify request
• Body: optional data (e.g., to “POST” data to the server)

request line GET /somedir/page.html HTTP/1.1

Host: www.someschool.edu
header User-agent: Mozilla/4.0
lines Connection: close
Accept-language: fr
(blank line)

carriage return line feed

indicates end of message
HTTP request message: general format
method sp URL sp version cr lf request
line
header field name value cr lf
header
~
~ ~
~ lines

header field name value cr lf

cr lf

~
~ entity body ~
~ body

Application Layer: 2-6

 Other HTTP request messages
POST method: (Used to send data to server
in entity body)
▪ web page often includes form
input
▪ user input sent from client to
server in entity body of HTTP POST
request message
GET method (for sending data to
server):
▪ include user data in URL field of HTTP
GET request message (following a ‘?’):
www.somesite.com/animalsearch?monkeys&banana
HEAD method:
▪ requests headers (only) that would
be returned if specified URL were
requested with an HTTP GET
method. (Identical to HTTP GET, except that the server
will not return a message-body as part of the HTTP
response. Rather, it will only send the HTTP headers and
will end immediately following the HTTP headers section.)
PUT method: (Used to send data to server)
▪ uploads new file (object) to
server in place of an existing one
▪ completely replaces file that
exists at specified URL with
content in entity body of POST
HTTP request message
In summary, POST is used for creating new
resources, while PUT is used for updating existing
resources.
Application Layer: 2-7
HTTP response message
status line (protocol HTTP/1.1 200 OK
status code status phrase) Date: Tue, 08 Sep 2020 00:53:20 GMT
Server: Apache/2.4.6 (CentOS)
OpenSSL/1.0.2k-fips PHP/7.4.9
mod_perl/2.0.11 Perl/v5.16.3
header Last-Modified: Tue, 01 Mar 2016 18:57:50 GMT
lines ETag: "a5b-52d015789ee9e"
Accept-Ranges: bytes
Content-Length: 2651
Content-Type: text/html; charset=UTF-8
\r\n
data, e.g., requested data data data data data ...
HTML file

* Check out the online interactive exercises for more examples: http://gaia.cs.umass.edu/kurose_ross/interactive/
Application Layer: 2-8
 Server-to-Client
Communication
❖ HTTP Response Message
▪ Status line: protocol version, status code, status phrase
▪ Response headers: provide information
▪ Body: optional data

status line HTTP/1.1 200 OK

(protocol, status code,
Connection close
status phrase)
Date: Thu, 06 Aug 2006 12:00:15
GMT
header lines Server: Apache/1.3.0 (Unix)
Last-Modified: Mon, 22 Jun 2006
...
Content-Length: 6821
Content-Type: text/html
data (blank line)
e.g., requested HTML file data data data data data ...
HTTP response status codes
▪ status code appears in 1st line in server-to-client response message.
▪ some sample codes:
200 OK
• request succeeded, requested object later in this message
301 Moved Permanently
• requested object moved, new location specified later in this message (in
Location: field)
400 Bad Request
• request msg not understood by server
404 Not Found
• requested document not found on this server
505 HTTP Version Not Supported
Application Layer: 2-10
Trying out HTTP (client side) for yourself
1. netcat to your favorite Web server:
% nc -c -v gaia.cs.umass.edu 80 ▪ opens TCP connection to port 80 (default HTTP server
port) at gaia.cs.umass.edu.
▪ anything typed in will be sent to port 80 at
gaia.cs.umass.edu
2. type in a GET HTTP request:
GET /kurose_ross/interactive/index.php HTTP/1.1
Host: gaia.cs.umass.edu
▪ by typing this in (hit carriage return twice), you send
this minimal (but complete) GET request to HTTP
server

3. look at response message sent by HTTP server!

(or use Wireshark to look at captured HTTP request/response)
Application Layer: 2-11
Question

▪ How does a stateless protocol keep state?

Cookies
Maintaining user/server state: cookies
a stateful protocol: client makes
Recall: HTTP GET/response two changes to X, or none at all
interaction is stateless
X
▪ no notion of multi-step exchanges
of HTTP messages to complete a X
Web “transaction”
• no need for client/server to track X
“state” of multi-step exchange ’
t’
• all HTTP requests are independent of X
each other ’’

• no need for client/server to “recover” X’’

from a partially-completed-but-never-
time time
completely-completed transaction
Q: what happens if network connection or
client crashes at t’ ?
Application Layer: 2-13
Maintaining user/server state: cookies
Web sites and client browser use
cookies to maintain some state
between transactions
four components:
1) cookie header line of HTTP response
message (from sever to client)
2) cookie header line in next HTTP
request message (from client to sever)
3) cookie file kept on user’s host,
managed by user’s browser
4) back-end database at Web site
Example:
▪ Susan uses browser on laptop,
visits specific e-commerce site
for first time
▪ when initial HTTP requests
arrives at site, site creates:
• unique ID (aka “cookie”)
• entry in backend database
for ID
• subsequent HTTP requests
from Susan to this site will
contain cookie ID value,
allowing site to “identify”
Susan Application Layer: 2-14
Maintaining user/server state: cookies
client
Amazon server
ebay 8734 usual HTTP request msg Amazon server
cookie file creates ID
usual HTTP response 1678 for user backend
create
ebay 8734 set-cookie: 1678 entry database
amazon 1678

usual HTTP request msg

cookie: 1678 cookie- access
specific
usual HTTP response msg action

one week later:

access
ebay 8734 usual HTTP request msg
amazon 1678 cookie: 1678 cookie-
specific
usual HTTP response msg action
time time Application Layer: 2-15
HTTP cookies: comments
aside
What cookies can be used for: cookies and privacy:
▪ authorization ▪ cookies permit sites to
learn a lot about you on
▪ shopping carts
their site.
▪ recommendations ▪ third party persistent
▪ user session state (Web e-mail) cookies (tracking cookies)
allow common identity
(cookie value) to be
Challenge: How to keep state? tracked across multiple
▪ at protocol endpoints: maintain state at web sites
sender/receiver over multiple
transactions
▪ in messages: cookies in HTTP messages
carry state
Application Layer: 2-16
Example: displaying a NY Times web page
1 GET base html file
2
from nytimes.com

4 fetch ad from nytimes.com

5
AdX.com
HTTP 1 2 HTTP
7 display composed GET reply
page

3 4
6 5

NY times page with

embedded ad AdX.com
displayed
Cookies: tracking a user’s browsing behavior

1634: sports, 2/15/22

nytimes.com (sports) “first party” cookie –

from website you chose
to visit (provides base
HTTP HTTP
GET reply html file)
Set cookie: 1634

HTTP GET
Referrer: NY Times Sports
4
7493: NY Times sports, 2/15/22
5
“third party” cookie – HTTP reply
from website you did NY Times: 1634 Set cookie: 7493
not choose to visit AdX: 7493
AdX.com
Cookies: tracking a user’s browsing behavior

1634: sports, 2/15/22

nytimes.com AdX:
▪ tracks my web browsing
socks.com over sites with AdX ads
2
HTTP 1 ▪ can return targeted ads
GET based on browsing history
HTTP GET
Referrer: socks.com, cookie:
7493
4
7493: NY Times sports, 2/15/22
5 7493: socks.com, 2/16/22
HTTP reply
NY Times: 1634 Set cookie: 7493
AdX: 7493
AdX.com
Cookies: tracking a user’s browsing behavior (one day later)

1634: sports, 2/15/22

1634: arts, 2/17/22

nytimes.com (arts)
socks.com HTTP HTTP
GET reply
cookie: 1634 Set cookie: 1634

HTTP GET
Referrer: nytimes.com, cookie: 7493
4
7493: NY Times sports, 2/15/22
5 7493: socks.com, 2/16/22
HTTP reply 7493: NY Times arts, 2/15/22
NY Times: 1634 Set cookie: 7493
AdX: 7493 Returned ad for socks!
AdX.com
Cookies: tracking a user’s browsing behavior
Cookies can be used to:
▪ track user behavior on a given website (first party cookies)
▪ track user behavior across multiple websites (third party cookies)
without user ever choosing to visit tracker site (!)
▪ tracking may be invisible to user:
• rather than displayed ad triggering HTTP GET to tracker, could be an
invisible link

third party tracking via cookies:

▪ disabled by default in Firefox, Safari browsers
▪ to be disabled in Chrome browser in 2023
GDPR (EU General Data Protection Regulation) and cookies
“Natural persons may be associated with online
identifiers […] such as internet protocol addresses,
cookie identifiers or other identifiers […].
This may leave traces which, in particular when
combined with unique identifiers and other
information received by the servers, may be used to
create profiles of the natural persons and identify
them.”
GDPR, recital 30 (May 2018)

User has explicit control

when cookies can identify an individual, cookies over whether or not cookies
are considered personal data, subject to GDPR are allowed
personal data regulations
Web caches (Proxy Servers)
Goal: satisfy client requests without involving origin server
▪ user configures browser to
point to a (local) Web cache Web
cache
▪ browser sends all HTTP client
origin
server
requests to cache
• if object in cache: cache
returns object to client
• else cache requests object
client
from origin server, caches
received object, then
returns object to client
Application Layer: 2-23
Web caches (aka proxy servers)
▪ Web cache acts as both Why Web caching?
client and server
▪ reduce response time for client
• server for original
requesting client request
• client to origin server • cache is closer to client

▪ server tells cache about

▪ reduce traffic on an institution’s
object’s allowable caching access link
in response header: ▪ Internet is dense with caches
• enables “poor” content providers
to more effectively deliver content

Application Layer: 2-24

 Caching example
Scenario:
▪ access link rate: 1.54 Mbps origin
▪ RTT from institutional router to server: 2 sec servers
▪ web object size: 100K bits public
Internet
▪ average request rate from browsers to origin
servers: 15 requests/sec
▪ avg data rate to browsers: 1.50 Mbps
1.54 Mbps
access link
Performance:
▪ LAN utilization = 1.50 Mbps / 1Gbps = 0.0015 = 0.15% institutional
network
(or Traffic Intensity = La / R = 100 K * 15 / 1 Gbps = 0.0015 = 0.15%) 1 Gbps LAN
▪ access link utilization = 1.50 Mbps / 1.54 Mbps = 0.97 = 97%
(or Traffic Intensity La / R = 100 K * 15 / 1.54 Mbps = 0.97 = 97%)
▪ end-end delay = Internet delay +
access link delay + LAN delay
= 2 sec + minutes + usecs problem: large Application Layer: 2-25

queueing delays
at high
utilization!
Option 1: buy a faster access link
Scenario: 154 Mbps
▪ access link rate: 1.54 Mbps origin
▪ RTT from institutional router to server: 2 sec servers
▪ web object size: 100K bits public
Internet
▪ average request rate from browsers to origin
servers: 15/sec
▪ avg data rate to browsers: 1.50 Mbps 154 Mbps
1.54 Mbps
access link
Performance:
▪ access link utilization = .97 .0097 (= 0.97%) institutional
network
1 Gbps LAN
▪ LAN utilization: .0015
▪ end-end delay = Internet delay +
access link delay + LAN delay
= 2 sec + minutes + usecs
Cost: faster access link (expensive!) msecs
Application Layer: 2-26
Option 2: install a web cache
Scenario:
▪ access link rate: 1.54 Mbps origin
▪ RTT from institutional router to server: 2 sec servers
▪ web object size: 100K bits public
Internet
▪ average request rate from browsers to origin
servers: 15/sec
▪ avg data rate to browsers: 1.50 Mbps
1.54 Mbps
access link
Cost: web cache (cheap!)
institutional
network
Performance: 1 Gbps LAN
▪ LAN utilization: .? How to compute link
▪ access link utilization = ? utilization, delay?
▪ average end-end delay = ? local web cache

Application Layer: 2-27

Calculating access link utilization, end-end delay
with cache:
suppose cache hit rate is 0.4:
▪ 40% requests served by cache, with low origin
servers
(msec) delay public
▪ 60% requests satisfied at origin Internet

• rate to browsers over access link

= 0.6 * 1.50 Mbps = .9 Mbps
1.54 Mbps
• access link utilization = 0.9/1.54 = .58 access link
means low (msec) queueing delay at access
institutional
link network
▪ average end-end delay: 1 Gbps LAN

= 0.6 * (delay from origin servers)

+ 0.4 * (delay when satisfied at cache)
= 0.6 * (2 + ~msec for access link & LAN) + 0.4 (~ μsec for LAN) local web cache

= 0.6 (2.01) + 0.4 (~ μsecs) = ~ 1.2 secs

Application Layer: 2-28

lower average end-end delay than with 154 Mbps link (and cheaper too!)
Problem with Web Cache (Proxy Server)

▪ The copy of the object in the web cache may be stale!!!

Browser caching: Conditional GET
client server
Goal: don’t send object if browser
HTTP request msg
has up-to-date cached version If-modified-since: <date> object
not
• no object transmission delay (or use
modified
of network resources) HTTP response
before
HTTP/1.0
▪ client: specify date of browser- 304 Not Modified
<date>

cached copy in HTTP request

If-modified-since: <date>
▪ server: response contains no HTTP request msg
If-modified-since: <date> object
object if browser-cached copy is modified
up-to-date: HTTP response after
HTTP/1.0 200 OK <date>
HTTP/1.0 304 Not Modified <data>
Application Layer: 2-30
HTTP/2
Key goal: decreased delay in multi-object HTTP requests
HTTP1.1: introduced multiple, pipelined GETs over single TCP
connection
▪ server responds in-order (FCFS: first-come-first-served scheduling) to
GET requests
▪ with FCFS, small object may have to wait for transmission (head-of-
line (HOL) blocking) behind large object(s)
▪ loss recovery (retransmitting lost TCP segments) stalls object
transmission

Application Layer: 2-31

HTTP/2
Key goal: decreased delay in multi-object HTTP requests
HTTP/2: [RFC 7540, 2015] increased flexibility at server in sending
objects to client:
▪ methods, status codes, most header fields unchanged from HTTP
1.1
▪ transmission order of requested objects based on client-specified
object priority (not necessarily FCFS)
▪ push unrequested objects to client
▪ divide objects into frames, schedule frames to mitigate HOL
blocking
Application Layer: 2-32
HTTP/2: mitigating HOL blocking
HTTP 1.1: client requests 1 large object (e.g., video file) and 3 smaller
objects
server

GET O4 GET O3 GET O

2 GET O1 object data requested
client

O1

O2
O1 O3
O2
O3
O4
O4

objects delivered in order requested: O2, O3, O4 wait behind O1 Application Layer: 2-33
HTTP/2: mitigating HOL blocking
HTTP/2: objects divided into frames, frame transmission interleaved
server

GET O4 GET O3 GET O

2 GET O1 object data requested
client
O2
O4
O3 O1

O2
O3
O1
O4

O2, O3, O4 delivered quickly, O1 slightly delayed

Application Layer: 2-34
HTTP/2 to HTTP/3
HTTP/2 over single TCP connection means:
▪ recovery from packet loss still stalls all object transmissions
• as in HTTP 1.1, browsers have incentive to open multiple parallel
TCP connections to reduce stalling, increase overall throughput
▪ no security over vanilla TCP connection
▪ HTTP/3: adds security, per object error- and congestion-
control (more pipelining) over UDP
• more on HTTP/3 in transport layer

Application Layer: 2-35

Quiz 1 – Chapter 1

2-36