Chapter 2

Application Layer

A note on the use of these Powerpoint slides:

We’re making these slides freely available to all (faculty, students, readers).
They’re in PowerPoint form so you see the animations; and can add, modify,
and delete slides (including this one) and slide content to suit your needs.
They obviously represent a lot of work on our part. In return for use, we only
ask the following: Computer
 If you use these slides (e.g., in a class) that you mention their source
(after all, we’d like people to use our book!) Networking: A Top
 If you post any slides on a www site, that you note that they are adapted
from (or perhaps identical to) our slides, and note our copyright of this Down Approach
material.
7th edition
Thanks and enjoy! JFK/KWR Jim Kurose, Keith Ross
Pearson/Addison Wesley
All material copyright 1996-2016
April 2016
J.F Kurose and K.W. Ross, All Rights Reserved
Application Layer 2-1
Chapter 2: outline
2.1 principles of network 2.5 P2P applications
applications 2.6 video streaming and
2.2 Web and HTTP content distribution
2.3 electronic mail networks
• SMTP, POP3, IMAP 2.7 socket programming
2.4 DNS with UDP and TCP

Application Layer 2-2

Web and HTTP
First, a review…
 web page consists of objects
 object can be HTML file, JPEG image, Java
applet, audio file,…
 web page consists of base HTML-file which
includes several referenced objects
 each object is addressable by a URL, e.g.,
www.someschool.edu/someDept/pic.gif

host name path name

Application Layer 2-3

HTTP overview
HTTP: hypertext transfer
protocol HT
 Web’s application layer TP
req
ues
protocol PC running HT t
Firefox browser TPr
 client/server model esp
ons
• client: browser that e
requests, receives, t
(using HTTP protocol) u es
req server
and “ displays” Web T P n se
HT s po running
objects TP
re Apache Web
T
• server: Web server H server
sends (using HTTP
protocol) objects in iPhone running
response to requests Safari browser

Application Layer 2-4

HTTP overview (continued)
uses TCP:
 client initiates TCP
connection (creates socket)
to server, port 80
 server accepts TCP
connection from client
 HTTP messages
(application-layer protocol
messages) exchanged
between browser (HTTP
client) and Web server
(HTTP server)
 TCP connection closed
HTTP is “stateless”
 server maintains no
information about
past client requests
aside
protocols that maintain
“ state” are complex!
 past history (state) must be
maintained
 if server/client crashes, their
views of “ state” may be
inconsistent, must be
reconciled
Application Layer 2-5
HTTP connections
non-persistent HTTP persistent HTTP
 at most one object sent  multiple objects can
over TCP connection be sent over single
• connection then TCP connection
closed between client, server
 downloading multiple
objects required
multiple connections

Application Layer 2-6

 Non-persistent HTTP
suppose user enters URL: (contains text,
www.someSchool.edu/someDepartment/home.index references to 10
jpeg images)
1a. HTTP client initiates TCP
connection to HTTP server
(process) at 1b. HTTP server at host
www.someSchool.edu on port 80 www.someSchool.edu waiting
for TCP connection at port 80.
“ accepts” connection, notifying
2. HTTP client sends HTTP request message client
(containing URL) into TCP connection
socket. Message indicates that client wants
object someDepartment/home.index 3. HTTP server receives request
message, forms response
message containing requested
object, and sends message into
its socket
time
Application Layer 2-7
 Non-persistent HTTP (cont.)
4. HTTP server closes TCP
connection.
5. HTTP client receives response
message containing html file,
displays html. Parsing html file,
finds 10 referenced jpeg objects

time
6. Steps 1-5 repeated for each of 10
jpeg objects

Application Layer 2-8

Non-persistent HTTP: response time
RTT (definition): time for a
small packet to travel from
client to server and back
HTTP response time: initiate TCP
 one RTT to initiate TCP connection
connection RTT
 one RTT for HTTP request request
file
and first few bytes of HTTP time to
response to return RTT transmit
file
 file transmission time file
 non-persistent HTTP received
response time =
2RTT+ file transmission time time
time

Application Layer 2-9

Persistent HTTP
non-persistent HTTP
issues:
 requires 2 RTTs per object
 OS overhead for each TCP
connection
 browsers often open
parallel TCP connections to
fetch referenced objects
persistent HTTP:
 server leaves connection
open after sending
response
 subsequent HTTP
messages between same
client/server sent over
open connection
 client sends requests as
soon as it encounters a
referenced object
 as little as one RTT for all
the referenced objects
Application Layer 2-10
 HTTP request message
 two types of HTTP messages: request, response
 HTTP request message:
• ASCII (human-readable format)
carriage return character
line-feed character
request line
(GET, POST, GET /index.html HTTP/1.1\r\n
HEAD commands) Host: www-net.cs.umass.edu\r\n
User-Agent: Firefox/3.6.10\r\n
Accept: text/html,application/xhtml+xml\r\n
headerAccept-Language: en-us,en;q=0.5\r\n
linesAccept-Encoding: gzip,deflate\r\n
carriage return, Accept-Charset: ISO-8859-1,utf-8;q=0.7\r\n
line feed at start Keep-Alive: 115\r\n
Connection: keep-alive\r\n
of line indicates \r\n
end of header lines

* Check out the online interactive exercises for more

examples: http://gaia.cs.umass.edu/kurose_ross/interactive/ Application Layer 2-11
HTTP request message: general format

method sp URL sp version cr lf request

line
header field name value cr lf
header
~
~ ~
~ lines

header field name value cr lf

cr lf

~
~ entity body ~
~ body

Application Layer 2-12

Uploading form input
POST method:
 web page often includes
form input
 input is uploaded to server
in entity body

URL method:
 uses GET method
 input is uploaded in URL
field of request line:
www.somesite.com/animalsearch?monkeys&banana

Application Layer 2-13

Method types
HTTP/1.0: HTTP/1.1:
 GET  GET, POST, HEAD
 POST  PUT
 HEAD • uploads file in entity
• asks server to leave body to path specified
requested object out of in URL field
response  DELETE
• deletes file specified in
the URL field

Application Layer 2-14

 HTTP response message
status line
(protocol
status code HTTP/1.1 200 OK\r\n
status phrase) Date: Sun, 26 Sep 2010 20:09:20 GMT\r\n
Server: Apache/2.0.52 (CentOS)\r\n
Last-Modified: Tue, 30 Oct 2007 17:00:02
GMT\r\n
header ETag: "17dc6-a5c-bf716880"\r\n
Accept-Ranges: bytes\r\n
lines Content-Length: 2652\r\n
Keep-Alive: timeout=10, max=100\r\n
Connection: Keep-Alive\r\n
Content-Type: text/html; charset=ISO-8859-1\
r\n
data, e.g., \r\n
requested data data data data data ...
HTML file

* Check out the online interactive exercises for more

examples: http://gaia.cs.umass.edu/kurose_ross/interactive/ Application Layer 2-15
HTTP response status codes
 status code appears in 1st line in server-to-client response message.
 some sample codes:

200 OK
• request succeeded, requested object later in this msg
301 Moved Permanently
• requested object moved, new location specified later in this msg
(Location:)
400 Bad Request
• request msg not understood by server
404 Not Found
• requested document not found on this server
505 HTTP Version Not Supported
Application Layer 2-16
Trying out HTTP (client side) for yourself
1. Telnet to your favorite Web server:
telnet gaia.cs.umass.edu 80 opens TCP connection to port 80
(default HTTP server port)
at gaia.cs.umass. edu.
anything typed in will be sent
to port 80 at gaia.cs.umass.edu

2. type in a GET HTTP request:

GET /kurose_ross/interactive/index.php HTTP/1.1
Host: gaia.cs.umass.edu by typing this in (hit carriage
return twice), you send
this minimal (but complete)
GET request to HTTP server

3. look at response message sent by HTTP server!

(or use Wireshark to look at captured HTTP request/response)
Application Layer 2-17
User-server state: cookies
example:
many Web sites use cookies  Susan always access
four components: Internet from PC
1) cookie header line of  visits specific e-commerce
HTTP response site for first time
message  when initial HTTP requests
2) cookie header line in arrives at site, site creates:
next HTTP request • unique ID
message • entry in backend database
3) cookie file kept on for ID
user’s host, managed
by user’s browser
4) back-end database at
Web site
Application Layer 2-18
 Cookies: keeping “ state” (cont.)
client server

ebay 8734
usual http request msg Amazon server
cookie file creates ID
usual http response
1678 for user create backend
ebay 8734
set-cookie: 1678 entry database
amazon 1678
usual http request msg
cookie: 1678 cookie- access
specific
usual http response msg action

one week later:

access
ebay 8734 usual http request msg
amazon 1678 cookie: 1678 cookie-
specific
usual http response msg action
Application Layer 2-19
Cookies (continued)
aside
what cookies can be used cookies and privacy:
for:
  cookies permit sites to
authorization
 learn a lot about you
shopping carts
 recommendations  you may supply name and
 user session state (Web e- e-mail to sites
mail)

how to keep “state”:

 protocol endpoints: maintain state at
sender/receiver over multiple transactions
 cookies: http messages carry state

Application Layer 2-20

Web caches (proxy server)
goal: satisfy client request without involving origin server
 user sets browser: Web
accesses via cache
 browser sends all HTTP proxy
HT
requests to cache TP
req server u est
HT ues P req
• object in cache: cache client TP
res
t H TT po n se
origin
pon res
returns object se HT
T P server
t
• else cache requests ues
req e
object from origin TT P o ns
p
H res
server, then returns HT TP
object to client
client origin
server

Application Layer 2-21

More about Web caching
 cache acts as both why Web caching?
client and server  reduce response time for
• server for original client request
requesting client
• client to origin server  reduce traffic on an
 typically cache is institution’s access link
installed by ISP  Internet dense with
(university, company, caches: enables “ poor”
residential ISP) content providers to
effectively deliver
content (so too does P2P
file sharing)

Application Layer 2-22

Caching example:
assumptions:
 avg object size: 100K bits origin
 avg request rate from browsers to servers
origin servers:15/sec public
 avg data rate to browsers: 1.50 Mbps Internet
 RTT from institutional router to any
origin server: 2 sec
 access link rate: 1.54 Mbps
1.54 Mbps
access link
consequences:
 LAN utilization: 15% problem! institutional
network
 access link utilization = 99% 1 Gbps LAN
 total delay = Internet delay + access
delay + LAN delay
= 2 sec + minutes + usecs

Application Layer 2-23

 Caching example: fatter access link
assumptions:
 avg object size: 100K bits origin
 avg request rate from browsers to servers
origin servers:15/sec public
 avg data rate to browsers: 1.50 Mbps Internet
 RTT from institutional router to any
origin server: 2 sec
 access link rate: 1.54 Mbps
154 1.54 Mbps
154 Mbps
access link
consequences: Mbps
 LAN utilization: 15% institutional
network
 9.9%
access link utilization = 99% 1 Gbps LAN
 total delay = Internet delay + access
delay + LAN delay
= 2 sec + minutes + usecs
msecs

Cost: increased access link speed (not cheap!)

Application Layer 2-24
 Caching example: install local cache
assumptions:
 avg object size: 100K bits origin
 avg request rate from browsers to servers
origin servers:15/sec public
 avg data rate to browsers: 1.50 Mbps Internet
 RTT from institutional router to any
origin server: 2 sec
 access link rate: 1.54 Mbps 1.54 Mbps
access link
consequences:
 LAN utilization: 15% institutional
network
 access link utilization?= 100% 1 Gbps LAN
 total delay ?= Internet delay + access
delay + LAN delay local web
How to compute link cache
= 2 sec + minutes + usecs
utilization, delay?
Cost: web cache (cheap!)
Application Layer 2-25
Caching example: install local cache
Calculating access link
utilization, delay with cache:
 suppose cache hit rate is 0.4 origin
• 40% requests satisfied at cache, 60% servers
requests satisfied at origin public
Internet

 access link utilization:

 60% of requests use access link
 data rate to browsers over access link 1.54 Mbps
access link
= 0.6*1.50 Mbps = .9 Mbps
 utilization = 0.9/1.54 = .58 institutional
network
1 Gbps LAN
 total delay
 = 0.6 * (delay from origin servers) +0.4 local web
* (delay when satisfied at cache) cache
 = 0.6 (2.01) + 0.4 (~msecs) = ~ 1.2 secs
 less than with 154 Mbps link (and
cheaper too!)
Application Layer 2-26
Conditional GET
client server
 Goal: don’t send object if
cache has up-to-date
cached version HTTP request msg
object
If-modified-since: <date>
• no object transmission not
delay modified
• lower link utilization HTTP response
before
HTTP/1.0
 cache: specify date of 304 Not Modified <date>
cached copy in HTTP
request
If-modified-since:
<date> HTTP request msg
 server: response contains If-modified-since: <date> object
modified
no object if cached copy after
HTTP response
is up-to-date: HTTP/1.0 200 OK <date>
HTTP/1.0 304 Not <data>
Modified
Application Layer 2-27
Chapter 2: outline
2.1 principles of network 2.5 P2P applications
applications 2.6 video streaming and
2.2 Web and HTTP content distribution
2.3 electronic mail networks
• SMTP, POP3, IMAP 2.7 socket programming
2.4 DNS with UDP and TCP

Application Layer 2-28

DNS: domain name system
people: many identifiers: Domain Name System:
• SSN, name, passport #  distributed database
Internet hosts, routers: implemented in hierarchy of
• IP address (32 bit) - many name servers
used for addressing  application-layer protocol:
datagrams hosts, name servers
• “ name” , e.g., communicate to resolve
www.yahoo.com - names (address/name
used by humans translation)
• note: core Internet function,
Q: how to map between IP
implemented as application-
address and name, and
layer protocol
vice versa ?
• complexity at network’s
“ edge”
Application Layer 2-29
DNS: services, structure
DNS services why not centralize DNS?
 hostname to IP address  single point of failure
translation  traffic volume
 host aliasing  distant centralized database
• canonical, alias names  maintenance
 mail server aliasing
 load distribution A: doesn‘t scale!
• replicated Web
servers: many IP
addresses correspond
to one name

Application Layer 2-30

DNS: a distributed, hierarchical database
Root DNS Servers

… …

com DNS servers org DNS servers edu DNS servers

pbs.org poly.edu umass.edu

yahoo.com amazon.com
DNS servers DNS serversDNS servers
DNS servers DNS servers

client wants IP for www.amazon.com; 1st approximation:

 client queries root server to find com DNS server
 client queries .com DNS server to get amazon.com DNS server
 client queries amazon.com DNS server to get IP address for
www.amazon.com

Application Layer 2-31

 DNS: root name servers
 contacted by local name server that can not resolve name
 root name server:
• contacts authoritative name server if name mapping not known
• gets mapping
• returns mapping to local name server

c. Cogent, Herndon, VA (5 other sites)

d. U Maryland College Park, MD k. RIPE London (17 other sites)
h. ARL Aberdeen, MD
j. Verisign, Dulles VA (69 other sites ) i. Netnod, Stockholm (37 other sites)

m. WIDE Tokyo
e. NASA Mt View, CA (5 other sites)
f. Internet Software C.
Palo Alto, CA (and 48 other sites)

13 logical root name “servers”

a. Verisign, Los Angeles CA
(5 other sites)
worldwide
b. USC-ISI Marina del Rey, CA •each “server” replicated many times
l. ICANN Los Angeles, CA
(41 other sites)
g. US DoD Columbus,
OH (5 other sites)

Application Layer 2-32

TLD, authoritative servers
top-level domain (TLD) servers:
• responsible for com, org, net, edu, aero, jobs, museums,
and all top-level country domains, e.g.: uk, fr, ca, jp
• Network Solutions maintains servers for .com TLD
• Educause for .edu TLD
authoritative DNS servers:
• organization’s own DNS server(s), providing authoritative
hostname to IP mappings for organization’s named hosts
• can be maintained by organization or service provider

Application Layer 2-33

Local DNS name server
 does not strictly belong to hierarchy
 each ISP (residential ISP, company, university)
has one
• also called “ default name server”
 when host makes DNS query, query is sent to its
local DNS server
• has local cache of recent name-to-address translation
pairs (but may be out of date!)
• acts as proxy, forwards query into hierarchy

Application Layer 2-34

DNS name root DNS server
resolution example
2
 host at cis.poly.edu 3
TLD DNS server
wants IP address for 4
gaia.cs.umass.edu
5

local DNS server

iterated query: dns.poly.edu
 contacted server replies 7 6
1 8
with name of server to
contact
authoritative DNS server
 “ I don’t know this dns.cs.umass.edu
name, but ask this requesting host
cis.poly.edu
server”
gaia.cs.umass.edu

Application Layer 2-35

DNS name root DNS server
resolution example
2 3
recursive query: 7
6
 puts burden of name TLD DNS
resolution on contacted server
name server
local DNS server
 heavy load at upper dns.poly.edu 5 4
levels of hierarchy?
1 8

authoritative DNS server

dns.cs.umass.edu
requesting host
cis.poly.edu

gaia.cs.umass.edu

Application Layer 2-36

DNS: caching, updating records
 once (any) name server learns mapping, it caches
mapping
• cache entries timeout (disappear) after some time (TTL)
• TLD servers typically cached in local name servers
• thus root name servers not often visited
 cached entries may be out-of-date (best effort
name-to-address translation!)
• if name host changes IP address, may not be known
Internet-wide until all TTLs expire
 update/notify mechanisms proposed IETF standard
• RFC 2136

Application Layer 2-37

DNS records
DNS: distributed database storing resource records (RR)
RR format: (name, value, type, ttl)

type=A type=CNAME
 name is hostname  name is alias name for some
 value is IP address “ canonical” (the real) name
 www.ibm.com is really
type=NS
• name is domain (e.g., servereast.backup2.ibm.com
foo.com)  value is canonical name
• value is hostname of
authoritative name type=MX
server for this domain  value is name of mailserver
associated with name

Application Layer 2-38

DNS protocol, messages
 query and reply messages, both with same message format
2 bytes 2 bytes

message header identification flags

 identification: 16 bit # for # questions # answer RRs

query, reply to query uses
# authority RRs # additional RRs
same #
 flags: questions (variable # of questions)
 query or reply
 recursion desired answers (variable # of RRs)
 recursion available
 reply is authoritative authority (variable # of RRs)

additional info (variable # of RRs)

Application Layer 2-39

DNS protocol, messages

2 bytes 2 bytes

identification flags

# questions # answer RRs

# authority RRs # additional RRs

name, type fields

questions (variable # of questions)
for a query
RRs in response answers (variable # of RRs)
to query
records for authority (variable # of RRs)
authoritative servers
additional “ helpful” additional info (variable # of RRs)
info that may be used
Application Layer 2-40
Inserting records into DNS
 example: new startup “ Network Utopia”
 register name networkuptopia.com at DNS registrar
(e.g., Network Solutions)
• provide names, IP addresses of authoritative name server
(primary and secondary)
• registrar inserts two RRs into .com TLD server:
(networkutopia.com, dns1.networkutopia.com, NS)
(dns1.networkutopia.com, 212.212.212.1, A)
 create authoritative server type A record for
www.networkuptopia.com; type MX record for
networkutopia.com

Application Layer 2-41

Attacking DNS
DDoS attacks redirect attacks
 bombard root servers  man-in-middle
with traffic • Intercept queries
• not successful to date  DNS poisoning
• traffic filtering  Send bogus relies to
• local DNS servers cache DNS server, which
IPs of TLD servers, caches
allowing root server exploit DNS for DDoS
bypass
 bombard TLD servers  send queries with
• potentially more
spoofed source
dangerous address: target IP
 requires amplification
Application Layer 2-42