RES224 Architecture des applications Internet

Transcription

RES224 Architecture des applications Internet
RES224 Architecture des applications Internet
Dario Rossi
mailto:dario.rossi@enst.fr
http://www.enst.fr/~drossi
Version 19 Septembre 2014
Contents
1 Presentation de l’Unité d’enseignement
2
2 Cours magistraux (CM)
2.1 Introduction . . . . . . . . . . . . . . . .
2.2 Les applications client-server . . . . . . .
2.3 Addressage: DNS et DHCP . . . . . . . .
2.4 Accès aux données: HTTP et FTP . . . .
2.5 eMail: SMTP POP et IMAP . . . . . . .
2.6 Les applications P2P: Introduction et DHT
2.7 Echange de données en P2P: BitTorrent .
2.8 Multimedia et VoIP en P2P: Skype . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
11
12
39
58
88
111
133
155
180
3 Travaux dirigés (TD)
204
3.1 Enoncé . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
3.2 Correction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
4 Travaux pratiques (TP)
232
4.1 Enoncé . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
5 Lectures obligatoires (LO)
5.1 SPDY (Google whitepaper) . .
5.2 SPDY (CACM’12) . . . . . . .
5.3 SPDY (CoNEXT’13) . . . . . .
5.4 SPDY (NSDI’14) . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
236
237
241
251
263
6 Example de contrôle de connaissances (CC)
277
6.1 Enoncé du 25/11/2011 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
2
D. Rossi – RES224
RES 224
Architecture des applications Internet
Presentation de l’unité d’enseignement
dario.rossi
Dario Rossi
RES224
http://www.enst.fr/~drossi
v250811
Plan
• Enseignants
• Organisation
• Évaluation
• CC
• TPs et interface Web TPRES
• Materiel
• Structure du cours
2
Presentation de l’Unité d’enseignement
Equipe pedagogique
• Enseignants
– Dario.Rossi@enst.fr
– Ahmed.Serhrouchni@enst.fr
LINCS (av Italie)
C234 (Barrault)
• Encadrants (TPs et TDs)
– Enseignants + PhDs (e.g., F. Diaz, R. Nassar, G.Rossini,
C. Testa,...)
– Se reporter aux enseignants pour questions
concernant l’organisation du cours
– Se reporter au responsable d'UE de la periode pour
les informations sur l'examen (cfr Evaluation)
Organisation
• Cours magistraux
– Equipe enseignant
• Travaux pratiques (en deux groupes)
– Assisté par les encadrants
– Presence obligatoire, justifiez à l'avance vos absences (par mail)
– Compte rendu optionnel à remettre (cfr. Evaluation)
• Echeance: au plus tard le 15eme jours après le TP
• En format PDF uniquement, via interface Web
• Travaux dirigés (en deux groupes)
– Corrigé par les encadrants pendant le TD
– Corrigé electronique disponible pour la plupart des exercices
• Regarder la solution des exercises uniquement
après avoir essayé de les resoudre!
3
4
D. Rossi – RES224
Organisation
• Groupes (pour TPs):
–
–
–
–
Partages-vous de facon equilibré dans les salles de TP
eg., ordre alphabetique, social, aleatoire,
Si > 30 eleves: Obbligatoirement 2 groupes
Si <= 30 eleves: Optionellement 2 groupes
• En tout cas
– Chaque groupe est partagé en binomes
• (ou, au plus, trinomes).
• (pas de bonus pour les monomes)
– Les bi/trinomes doivent etre stables
(i.e., ne pas changer pendant le cours)
Syllabus
• Cours
– Introduction
– Internet
– Les applications
– Client-server
– Accès au données: Web, FTP
– Messages: SMTP, POP, IMAP
– Addressage: DHCP, DNS
– Peer-to-peer
– Localisation/diffusion
– Partege de fichiers: BitTorrent
– VoIP: Skype
4
• TDs
– Domain Name System
– Autres applications
• TPs
– Session applicatives
(analyse du trafic avec
Wireshark )
• Materiel à lire
– Lecture obligatoires
(articles inclus dans
le policopie)
Presentation de l’Unité d’enseignement
Evaluation
• Note finale
– Note = CC si pas de TP
– Note = moyenne ½ TP + ½ CC
– Remarque: si CC<6, moyenne avec TP limitée à <10
– Cas réel: TP=20, CC=0, moyenne arithmetique = 10, note = 9.5
(moitié validation)
• Contrôle de connaissance (CC)
– Sans documents, sans calculette, sans iPhone, ...
• les informations nécessaires vous seront fournies
(e.g., format entetes TCP, IP, Eth)
• attention aux horaires du CC!
– Format:
• QCM sur tout le contenu du cours (slides TP, TD)
• Questions (ouvertes ou QCM) sur materiel à lire
Evaluation
• Precision: ne fera pas objet du
controle
• Tout jeu de slides explicitement
marqué comme tel (e.g.,
2010/S1P1)
• Les lectures optionnelles
(optional readings)
• But du materiel hors controle
• Pour vous donner un apercu de
la recherche,
et des evolutions plus recentes
du domaine,
• Pour vous montrer que les
réseaux peuvent etre “fun”
5
6
D. Rossi – RES224
Evaluation: QCM
• QCM
• Entre 3-5 choix pour chaque questions
• lorsque il y a des questions ouvertes:
20 questions, 2/3 de la note du CC
• lorsque il n’y a pasdes questions ouvertes :
~30 questions, 3/3 de la note du CC
• Attention
• Certaines reponses fausses peuvent entrainer une penalisation
• But: decourager les reponses systematiquement aléatoires
• Remarque: si vous etes indecis entre deux reponses, sur un
nombre limité de questions (e.g., 3-4), il est difficile que
toutes soient avec penalité
Evaluation: Questions ouvertes
• Questions ouvertes
•
•
•
•
•
Questions sur “mandatory readings”
Questions ouvertes ou integrés dans le QCM
Questions simples sur articles difficiles
Articles inclus dans le materiel fourni
Articles à lire de facon autonome
• Prenez de l’avance pour les lire !
• Profitons des cours/TP/TDs si vous avez des questions
• E.g. Pour 2010/S1P1:
• Peer-2-Peer: "Chord: A Scalable Peer-to-peer Lookup Service for
Internet Applications"
• Client-Server: “Wow, That's a Lot of Packets!”.
6
Presentation de l’Unité d’enseignement
Evaluation: TP
• Compte rendus TPs
– Rappel: justifiez vos absences à l'avance
– Rappel: délai maximum de 15 jours
– Compte rendu optionnel (donc note finale = exam)
• Format PDF uniquement,
• Interface Web TPRES
• Format du compte rendu
– Complet mais synthetique ! Repondez aux questions !
– Il ne faut pas ré-ecrire la theorie, mais motiver et commenter les
resultats que vous avez obtenu
Materiel
• Site de reference:
– http://www.enst.fr/~drossi
– Pointeur depuis le site pédagogique
• Materiel sur le site
–
–
–
–
–
–
Support de cours électronique (PDF)
Texte des TPs et TDs
Corrigé des TDs
Software pour les TPs
Articles à lire
(peu d'examples d') Annales d'examen
7
8
D. Rossi – RES224
TPRES https://tpres.enst.fr/tpweb
Interface Web d’upload des compte rendus
Votre account unix/mail
TPRES https://tpres.enst.fr/tpweb
Interface Web d’upload des compte rendus
Choix des UEs,
inscriptions aux
nouvelles UEs
Votre liste des TPs pour l’UE selectionné
8
Presentation de l’Unité d’enseignement
TPRES https://tpres.enst.fr/tpweb
Interface Web d’upload des compte rendus
Mise en ligne
et verification
des rapports
Un seul responsable par TP saisi
ses coequipiers et effectue l’upload
TPRES https://tpres.enst.fr/tpweb
Accessibilité
•
•
Directe depuis l'ecole
Via PPTP depuis l'exterieur (voir instructions DSI)
Remarques
•
Inscrivez vous ASAP
•
Vous devez vous inscrire par vous memes
•
Le responsible de la mise en ligne ne peut vous
ajouter que si vous etes deja inscrits
•
Compte rendu en format PDF uniquement
9
10
D. Rossi – RES224
References
• Livres (à la bibliotheque d'ENST)
– James F. Kurose & Keith W. Ross, Computer Networking: A topdown approach featuring the Internet, (4th ed) Addison Wesley
– R.W. Stevens, TCP/IP Illustrated: Volume 1, the Protocols,
Addison Wesley
– A. Tanenbaum, Computer Networks, Pearson Education,
Prentice Hall
• Autres ressource (sur Internet)
– IETF RFCs, pointeurs donnés dans les slides
– http://www.ietf.org/rfc.html
• Dans chaque cours
• Mandatory readings (objet d’examen)
• Optional readings (culture generale)
?? || //
10
Cours magistraux (CM)
11
2 Cours magistraux (CM)
Cette unité complète l’unité RES223 (qui se focalise sur le transport et routage Internet) avec un aperçu
complet de la couche des applications. Après une introduction générale d’Internet (Sec. 2.1) et des problématiques de la couche application (Sec. 2.2), on étudiera aussi bien des protocoles client-server (de
Sec. 2.3 à Sec. 2.5) que paire-à-paire (Sec. 2.6-Sec. 2.8).
La partie client-server se focalise, en particulier, sur
• l’adressage applicatif (DNS et DHCP en Sec. 2.3),
• l’accès au données (HTTP et FTP en Sec. 2.4) et
• la messagerie (SMTP, POP et IMAP en Sec. 2.5).
Ensuite, la partie paire-à-paire se focalise sur
• la recherche du contenu (DHT en Sec. 2.6),
• la diffusion du contenu (BitTorrent en Sec. 2.7) et
• le multimedia (Skype en Sec. 2.8).
Le cours est constamment mis à jour, de façon telle a donner un aper cu actuel des dernières tendences
en matière d’application Internet. Notamment, les cours suivants on vu le jours en:
• BitTorrent en 2008
• Skype en 2009
• P2P-TV en 2010
• LEDBAT en 2011
• YouTube en 2012
• SPDY en 2014
Bien evidemment, le contenu du cours n’augmente pas seulement, mais les nouveau cours remplacent
le materiel au fur et à mesure qu’il devient obsolète. Par example le cours de YouTube remplaceait en
2012-2014 le cours de P2P-TV tenu pendant 2010-2012, en raison du succes croissant de YouTube et
des CDN.
Cette edition 2014 voit un ajout important, notamment SPDY proposé par google comme replacement
de HTTP, et en cours de normalisation á IETF. Comme toute matiére de pointe et très recente n’est pas
couverte dans les livres de référence, on s’appuiera pour son étude sur des lectures d’approfondissement
(disponibles uniquement en anglais en Sec. 5).
A noter que les lectures d’approfondissement reportés en Sec. 5, font object d’examen aussi bien que
les cours magistraux. A la fin de chaque section, le lecteur intéressé trouvera des pointeurs vers des
approfondissement facultatifs (qui avaient à leur tour servi de lecture obligatoire dans des précedent
éditions de ce cours), qui en revanche ne sont pas object d’examen.
Comme complement, le cours donne aussi un aperçu sur de recents résultats de recherche sur ce domaine.
Cette “fenêtre sur la recherche” à le double but de montrer que le travail de recherche est intellectuellement stimulant et potentiellement amusant, ainsi que de montrer un example des aspects de recherche
que l’on aborde au departement (pour les étudiants interessés aux projet libres ou stages de recherche
dans le labo ou auprès des partenaires industriels). A noter que ce complement n’est pas object d’examen.
12
D. Rossi – RES224
RES 224
Architecture des applications Internet
Introduction
dario.rossi
Dario Rossi
RES224
http://www.enst.fr/~drossi
v250811
Plan
• Definition d’Internet
• Histoire d’Internet
• Architecture d’Internet
•
•
•
•
Couches protocolaires
Reseaux datagrammes
Transport, acheminement, routage
Structure d’Internet
• References
12
2.1 Introduction
Objectif
•
Objectif de cette introduction
– Panorama sur Internet au dela de RES224
•
Internet et le réseaux TCP/IP
– Principes fondamentaux des réseaux de données IP
– Problématique du transport des données TCP
– L’architecture d’Internet
•
Remarque
– Internet n’est pas le seul réseau à étendue mondiale existant
• D’autres reseaux: GSM, PSN (=RTC), …
– Dans ce cours, on se focalisera sur TCP/IP
• A la limite, on fera quelque comparison
Internet
• Definition d’Internet ?
– Internet en 2001,
http://www.caida.org/
13
14
D. Rossi – RES224
Internet
Internet = ses composants
•
•
•
•
•
Des millions de hôtes
– PCs, stations de travail, serveurs
PDAs, téléphones, grille-pain (!)
– Equippés de dispositifs de
communication
Nombreux liens de communication
– fibre optique, cuivre, wireless, …
transferent des trames de bits
Des routeurs (IP)
– Interconnectent les hotes,
et transfèrent des données
L’echange de segments (TCP)
– l'émission et la réception des
donnés sont controlés par des
protocoles de transport
L’echange de messages
– Entre hotes pour la definition de
services applicatif
http://www.livinginternet.com/i/ia_myths_toast.htm
Internet
http://www.livinginternet.com/i/ia_myths_toast.htm
Internet = applications + usager
•
La liste ne cesse de s’allonger…
– Login distant, transfert de
fichiers, e-mail, WWW, ecommerce, streaming audio et
vidéo, visioconférences, jeux
en réseau, social networking
•
Le nombre d’usagers ne cesse
d’augmenter…
– ~ 2 milliards d’usagers (03/2011)
ht tp://www.internetworldstats.com/stats.htm
14
IP/TCP/SNMP
2.1 Introduction
Internet
Internet = ses normes
•
•
•
Internet Engineering Task Force (IETF)
http://www.ietf.org
IETF Request For Comments (RFC )
– Documents techniques détaillés
définissant les protocoles tels que
HTTP, TCP, IP…
– Au départ: informel; aujourd'hui,
normes de facto
– Plus de 6000 RFCs (08/2011)
Autres formus existent
– W3C pour WWW, BEP pour BitTorrent …
•
http://javvin.com/map.html
Pas de norme pour certain protocoles
– Protocoles proprietaires: KaZaa, Skype, etc.
Internet
Internet = architecture
•
•
•
•
Offre des services applicatifs…
Controlant le transport l’information….
Acheminée de bout-en-bout…
Utilisant plusieurs liens point
à point…
•
Bout-en-bout (end-2-end)
– Application, transport des info,
acheminement des paquets
Point-à-point (point-2-point)
– Communication sur lien et physique
•
V. Cerf and R. Kahn, “A protocol for
packet network intercommunication“
IEEE Transactions on Communications ,
May 1974
15
16
D. Rossi – RES224
Historique
• Quelque dates et chiffres
Historique
1961-1972: Principe des réseaux de paquets
•
•
•
•
16
1961: L. Kleinrock
théorie des files d’attentes
(efficacité des réseaux de
paquets)
1964: P. Baran
packet-switching dans les réseaux
militaires
1967:
Advanced Research Projects
Agency (ARPAnet)
1969:
premier noeud de ARPAnet
•
1972:
– ARPAnet démontré
publiquement
– NCP (Network Control
Protocol) premier protocole
host to hot
– Premier programme d’email
– ARPAnet: 15 noeuds
2.1 Introduction
Historique
1972-1980: Nouveaux réseaux et réseaux propriétaires
•
•
•
•
•
1970: ALOHAnet
réseau CSMA à Hawaii
1973: B. Metcalfe
Ethernet
1974: V.Cerf et R. Kahn
architecture pour l’inter-connexion de
réseaux
Fin 70’s:
architectures propriétaires: DECnet,
SNA, XNA
1979: ARPAnet a 200 noeuds
•
Principes de Cerf and Kahn’s :
–
–
–
–
•
Minimalisme, autonomie
Modèle best effort
Routeurs stateless
Contrôle décentralisé
C’est l’architecture actuelle d’Internet
Historique
1980-1990: Nouveaux protocoles, prolifération des réseaux
•
•
•
•
•
1983: deploiement
de TCP/IP
1983: SMTP (e-mail)
1983: P. Mockapetris
defini DNS pour le nommage
1985: FTP
1988: contrôle de congestion
TCP
•
•
Réseaux nationaux: Csnet,
BITnet, NSFnet, Cyclades
100 000 hôtes interconnextés
17
18
D. Rossi – RES224
Historique
1990-2010’s: Commercialisation, Web, P2P, VoD et Social networks
•
•
•
Début 1990’s: Fin d’ARPAnet
•
1990s: Web
– hypertext
– HTML, HTTP: Berners-Lee
– 1994: Mosaic, puis Netscape
– Fin 1990’s: commercialisation du
Web
– Environ 50 millions d’hôtes, plus de
100 millions d’utilisateurs
2000s
– killer apps: messagerie instantanée,
peer-2-peer (P2P) gnutella,
eDonkey, Skype, BitTorrent, …
– Environ 1 milliard d’usagers
– Backbones > Gbps
2010’s
– Video : YouTube 2nd search
engine apres Google
http://www.tgdaily.com/trendwatch
-features/39777-youtube-surpassesyahoo-as-world%E2%80%99s-2search-engine
– Social networking: Facebook
3eme pays du monde avec plus
de 400 million d’usagers
http://www.techxav.com/2010/03/1
9/if-facebook-were-a-country/
Historique
•
Backbone en 2007
Source http://www.spectrum.ieee.org (jun 07)
London – NY = 387 Gbps (environ 5 fois > Paris – NY)
18
2.1 Introduction
Les couches protocolaires
Chaqun
son role!
Les couches protocolaires
• Les réseaux sont complexes et hétérogènes:
–
–
–
–
–
–
hôtes
routeurs
médias différents
applications
protocoles
hardware, software
• Donc
– Comment organiser la structure du réseaux ?
– Comment organiser les communication entre hotes ?
19
20
D. Rossi – RES224
Les couches protocolaires
• Different necessités
– Les deux end-points d’un application doivent s’echanger des messages
– Chaque echanges de type end-2-end (globale) est composé par
plusieurs echabges point-2-point (locales)
– La communication globale (end-to-end) a besoin de garanties, celle
locale (point-2-point) doit etre optimisé
• Une architecture à couches
– Chacun fait son boulot: separation de roles
– Deplacer la complexité vers le bord du reseau
– Maintenir le coeur aussi simple, scalable et generale que possible
Les 7-Couches du Modèle OSI
Application
Presentation
Session
Transport
Network
Link
Physical
20
L7
L6
L5
L4
L3
L2
L1
}
}
}
Applications
RES240/RES224
End-to-end
RES240/RES223
Point-to-point
2.1 Introduction
TCP/IP: un sous-ensemble de OSI
Application
L7
Transport
L4
L3
Internet
L2
HostHost-toto-network
}
}
}
Applications
RES240/RES224
End-to-end
RES240/RES223
Point-to-point
TCP/IP: un sous-ensemble de OSI
Application
Transport
Internet
L7
L4
L3
L2
HostHost-toto-network
Message
Segment
Datagramme
Remarque
– Un “paquet” Internet
prends plusieurs noms
– A chaque niveau, le
“paquet” a un nom
bien precis !
Frame (trame)
21
22
D. Rossi – RES224
TCP/IP: un sous-ensemble de OSI
Application
L7
– HTTP, FTP, SMTP, POP, IMAP,
DNS, RIP, BitTorrent, Skype,etc.
Transport
L4
L3
– TCP, UDP, SCTP, RTP, DCCP, etc.
– IP, ICMP, IGMP, OSPF, BGP, etc.
Internet
L2
HostHost-toto-network
– PPP, Ethernet, WiFi, etc.
Communications entre couches
22
Application
Application
Presentation
Presentation
Session
Session
Transport
Transport
Network
Network
Link
Link
Physical
Physical
•
Une couche (layer)
communique
– logiquement avec une
couche du meme niveau
– en utilisant les services de
la couche en bas
– pour offrir un service à la
couche en haut
2.1 Introduction
Communication logique vs physique
application
transport
transport
réseau
lien
physique
application
transport
transport
réseau
lien
physique
réseau
lien
physique
réseau
lien
physique
application
transport
transport
réseau
lien
physique
Logique, de bout en bout
application
transport
transport
réseau
lien
physique
Physique, point à point,
Couches proches à l’usager
Application
Presentation
Session
Transport
Network
Link
Physical
• Application layer
– requete de pages Web, reponse avec
le contenu, voix, video et interaction (pause,
play), securité
• Presentation layer
– Codage des donnés, securité, compression, ...
• Session layer
– Synchronisation entre applications,
connexion logiques, recuperation d'erreur
23
24
D. Rossi – RES224
Couches de bout en bout
Application
• Transport layer
– fiabilité end-to-end
– Controle de congestion end-to-end
– Multiplexage / demultiplexage des
applications
Presentation
Session
Transport
Network
• Network layer
Link
– Routing end-to-end
– Addressing globale
– Multiplexage / demultiplexage des
protocoles de transport
Physical
Couches point à point
Application
•
Presentation
Link layer
–
–
–
Session
Transport
Partages du medium
Detection des bornes de trames
Detection d'erreur, correction et
retransmission
Network
Link
Physical
24
•
Physical layer
–
Transmission et codage
du signal
2.1 Introduction
Mise en couche
• Encapsulation/decapsulation pour gerer les
different couches
M
Ht M
H nH t M
H l H nH t M
source
destination
application
transport
network
link
physical
application
transport
network
link
physical
M
message
Ht M
segment
H nH t M
H l H nH t M
datagram
frame
Mise en couche: encapsulation
– Chaque couche n recoit des données (protocol data unit PDU(n+1))
de la couche supérieure n+1, qui est une service data unit SDU(n)
au niveau n
– Ajoute un header (PCI(n), protocol control information), avec
information de control propre de son niveau
– Passe la nouvelle unité de données PDU(n) à la couche inférieure
M
Ht M
H nH t M
H l H nH t M
source
destination
application
transport
network
link
physical
application
transport
network
link
physical
M
message
Ht M
segment
H nH t M
H l H nH t M
datagram
frame
25
26
D. Rossi – RES224
Mise en couche: decapsulation
– Chaque couche n recoit une unité données (PDU(n), protocol data unit)
de la couche inferieure n-1
– Interprete le header (PCI(n), Protocol control information), et les
information de control propre de son niveau
– Passe la nouvelle unité de données (SDU(n), service data unit) à la
couche superieure
M
Ht M
H nH t M
H l H nH t M
source
destination
application
transport
network
link
physical
application
transport
network
link
physical
M
message
Ht M
segment
H nH t M
H l H nH t M
datagram
frame
Remarque
• Couches protocolaires: en principe
– Repartition de taches, eviter duplication des fonctionnalités
– Offre des fonctions bien definies aux couches en haut
(en utilisant les fonctions des couches en bas)
• Couches protocolaires: en pratique
– Replication des fonctionnalités possiblé:
• Controle d’integrité aux niveaux
2 (DataLink), 3 (Network) et 4 (Transport)
– Violation de niveau courant (cross-layer):
• TCP checksum est effectué sur header IP,
• Checksum IP computé par la carte Ethernet,
• Violation de codage PHY pour delimiter les trames,
• …
26
2.1 Introduction
Internet: Quel type de réseau ?
Réseaux
Internet
Commutation de
circuits
FDM
TDM
Network
Transport
Commutation de
paquets
Réseaux
avec VC
TCP
Datagramme
IP
UDP
Internet: Quel type de réseau ?
Definitions:
• Signalisation
– Echange d’information concernant le controle et la gestion d’un réseau de
telecommunication
• Commutation
– Le proces d’interconnexion de ressources pour le temps necessaire à la
communication
• Transmission
– Le proces de transfer d’information depuis un point du réseau vers un (ou
plusieurs) autre(s) point(s)
27
28
D. Rossi – RES224
Commutation de circuit
– La communication necessite d’une phase préliminaire de signalisation (etablissement
du circuit par signalisation)
– Dans cette phase, des ressources (frequence, slot temporels, etc.) sont allouées dans
tous les equipement traversé par le flux de donnés
– La commutation est la meme pendant toute la transmission,
et est effectué sur la base d’un identifiant de circuit
– Les données suivent le meme parcours (le circuit) fixé en phase d’etablissement de la
connexion pendant toute la communication
– Les ressources sont utilisés exclusivement par les deux partenaires jusqu’à
la cessation du service (liberation du circuit par signalisation)
•
Example
– Acces du Global System for Mobile communication (GSM)
application
6. Receive
data
Data flowNetwork
begins (PSTN), connu
– Public Switched5.Telephone
en France
transport
comme Réseau4.Telephonique
Commuté (RTC)
Call connected
3. Accept call
network
– ISDN, SONET/SDH
1. Initiate call
2. incoming call
data link
physical
application
transport
network
data link
physical
Commutation de circuit
– La communication necessite d’une phase préliminaire de signalisation (etablissement
du circuit par signalisation)
– Dans cette phase, des ressources (frequence, slot temporels, etc.) sont allouées dans
tous les equipement traversé par le flux de donnés
– La commutation est la meme pendant toute la transmission,
et est effectué sur la base d’un identifiant de circuit
– Les données suivent le meme parcours (le circuit) fixé en phase d’etablissement de la
connexion pendant toute la communication
– Les ressources sont utilisés exclusivement par les deux partenaires jusqu’à
la cessation du service (liberation du circuit par signalisation)
Example
– Acces du Global System for Mobile communication (GSM)
– Public Switched Telephone Network (PSTN), connu en France
comme Réseau Telephonique Commuté (RTC)
– ISDN, SONET/SDH
28
2.1 Introduction
Commutation de paquet
– Mode datagramme
• Chaque paquet porte information de controle necessaire pour
son acheminement
• La fonction de commutation est instantanée pour chaque paquet,
• Aucune ressource n’est reservée, ni la signalation necessaire
• En revanche, aucune performance n’est garantie
– Mode circuit virtuel
• Transmission orienté connexion dans reseaux à paquets
• Examples
application
– mode datagramme au niveau reseau IP et transport UDP
application
transport
– transport
mode circuit virtuel au niveau transport TCP et link-layer X.25, FrameRelay, ATM,
network
MPLS
network
data link
physical
1. Send data
2. Receive data data link
physical
Commutation de paquet
– Mode datagramme
• Chaque paquet porte information de controle necessaire pour
son acheminement
• La fonction de commutation est instantanée pour chaque paquet,
• Aucune ressource n’est reservée, ni la signalation necessaire
• En revanche, aucune performance n’est garantie
– Mode circuit virtuel
• Transmission orienté connexion dans reseaux à paquets
Examples
– mode datagramme
• Couche reseau IP et couche transport UDP
– mode circuit virtuel
• Couche transport TCP, link-layer X.25, FrameRelay, ATM, MPLS
29
30
D. Rossi – RES224
Commutation de paquets: delai
• Les paquet subissent du delai à chaque saut
• Quatre sources de delai:
– Processement (<µs)
– File d’attente (µs – s)
Processement
- Transmission = P/C (µs – ms)
- Propagation = D/V (LAN < ms,
WAN >10ms)
Transmission
P=taille de paquet
C=capacité du lien
D=distance
V=vitesse du signal
File
Propagation
d’attente
Recap: Circuits vs paquets
• Commutation de circuits:
30
• Commutation de paquets:
– la function de commutation alloue
des ressources aux usagers qui
souhaitent etre
mis en communication
– un (ou plus) circuit pour le sont
mis en place avec une phase de
signalisation
– la liberation des ressources
necessite d’une signalisation
explicite
– la function de commutation
n’alloue aucune ressource
– toutes les ressources sont
toujours disponibles pour la
transmission des paquets
– les paquets attendendent dans
des files que les ressources se
libèrent
– Garantie de performance
– Pas de file d’attente
– Gachis de ressource potentiel
– Pas de garanties, délai variable
– Utilisation plus efficace et
flexible des ressources
2.1 Introduction
Recap: Circuit vs circuits virtuels
Similitudes
Differences
•
Modalité de transmission orienté
connexion
•
•
Dans les deux cas, les données
sont transferés dans le meme
ordre avec lequel ont été
transmis
La commutation de circuit
garantie les performance
(e.g., debit, delai) car les
ressources ont été alloués
en usage exclusif
•
Le circuit virtuel ne garantie pas
les performances, car les
ressources sont partagés pour
benefier du statistical
multiplexing
•
Signalisation necessaire pendant
l’etablissement et la liberation de
la connexion
Internet: qui fait quoi ?
application
transport
network
data link
physical
application
transport
network
data link
physical
application
transport
network
data link
physical
Applications: à partir du prochain cours de RES224
Transport et réseau: apercu ici, details dans RES223, RES343…
31
32
D. Rossi – RES224
Couches transport et réseau
Protocoles de
Routage
•Choix du chemin
•Plusieurs niveaux
•RIP, OSPF, GP
Couche
Réseau
Couche Transport
TCP, UDP, SCTP, DCCP, …
Protocole IP
•Adressage, acheminement
•Format des datagrammes
•Traitement des paquets
Table
de
routage
Protocole ICMP
•Rapport d’erreur
•signalisation
Transport: TCP et UDP
TCP
• UDP
– Service à circuit virtuel, orienté
connexion, remise fiable et dans l’ordre,
– Impose la vitesse d’emission (cfr slide
suivant) et la taille des messages (de
preference MSS + header TCP = MTU)
– Introduit un délai supplementaire initiale
lié à l’etablissement du circuit (3 way
handshake)
SYN+ACK
ACK + GET
RTT
Data + FIN
FINACK
temps
32
Etablissement
de connexion
• TCP
SYN
Round
Trip
Time
(RTT)
Fermeture Transfert de
connexion données
– Service datagram, non fiable,
non orienté connexion
– Flexibilité dans le bitrate et la taille
des messages à envoyés (limité
par le MTU de la couche IP)
TCP
2.1 Introduction
Transport: TCP et UDP
•
Transfer de données TCP
– A tout moment, vitesse d’emission lié
à la fenetre coulisante (sliding window)
w = min(cwnd,rwnd)
– Rwnd = receiver window, controle de
flux (eviter de transmettre plus que
le recepteur n’est capable de stoquer)
– Cwnd = congestion window, controle de
congestion (eviter de transmettre plus
que le reseau ne peut supporter)
Dynamique de cwnd
– Algos: slow-start, congestion avoidance,
fast-recovery, fast-retransmit, timeout,etc.
– Slow-start: croissance exponentielle, à
partir de 1 segment par RTT(jusqu’à un
seuil sstrhesh), cwnd++ à chaque ACK
– Congestion avoidance: croissance lineaire,
à partir de ssthresh, cwnd+=1/cwnd
à chaque ACK
TCP
TCP
RTT
Transfert de
données
•
RTT
RTT
temps
cwnd
Congestion
avoidance
Packet
losses
Fast-recovery
Slow start
Timeout
123…
Temps (RTT)
Acheminement IP
• Pour chaque paquet
– Decider sur quel lien il doit etre acheminé
– Exclusivement en fonction de l’adresse de destination
– Lookup dans des tables de routage
• Longest prefix matching
• Ternary Content Addressable Memory (TCAM)
33
34
D. Rossi – RES224
Routage IP
• Echange d’information entre routeurs
– But: construction des tables de routage
– Taxonomie:
• Link state: propagation d’information topologique locale
à tous les noeuds du reseau
• Distance vector: propagation d’information globale
seulement aux voisins
Distance vector
Link state
Routage Inter-AS et Intra-AS
C.b
B.a
Passerelles :
A.a
b
a
A.c
C
a
d
A
b
AS = Autonomous System
(cfr. Structure d’Internet)
c
a
B
c
b
•Exécutent le routage
inter-AS entre elles
•Exécutent le routage
intra-AS avec les autres
routeurs de l’AS
Couche réseau
Couche liaison
Couche physique
34
2.1 Introduction
Structure d’Internet
• Taxonomie par etendue geographique des reseaux
– Réseaux étendus (WAN, Wide Area Network)
• Pays, continents
– Réseaux métropolitains (MAN, Metropolitan Area Network)
• Ville, collectivités locales
– Réseau locaux (LAN, Local Area Network),
• De la salle au campus
– Réseaux personnels (PAN, Personal Area Network)
• Autour de l’individu (dans sa sphere d’action), capteurs (communication limité)
• Taxonomie par hierarchie d’Interconnexion
– Entités = Internet Service Providers (ISP)
– 3-tiered architecture (unofficielle mais courante)
• Tier-1 ISP: se connectent avec tous les autres Tier-1 ISPs (topologie
maillée)
• Tier-2 ISP: se connectent (typiquement) à plusieurs Tier-2 ISP
• Tier-3 ISP: se connectent à un Tier-2 ISP
Structure d’Internet
•
Tier-3 (ISP locaux)
•
Tier-2 (ISPs régionaux)
•
Tier-1 (National/International
Service providers NSPs)
– Se connectent aux ISPs régionaux
local
ISP
– Se connectent aux NSPs
– aka NBP (National Backbone
Provider) e.g. BBN/GTE, Sprint,
AT&T, IBM, UUNet
– Échangent du trafic d'égal à égal
(peering relationship, sans generer
des couts de transmission)
– Connectent les réseaux ensemble de
façon privée ou via un réseau public
– Les NSPs doivent être connectés
entre eux par des NAPs (Network
Access Points)
regional ISP
NSP B
NAP
NAP
NSP A
regional ISP
local
ISP
35
36
D. Rossi – RES224
Structure d’Internet
• Les Tier-2 se connectent aux Tier-1 ISP
– Customer-provider relationship, engendre des couts
d’acheminement
Tier-2 ISP
Le Tier-2 paie pour
accéder à l'Internet
via le Tier-1
Les Tier-2 font
aussi du peering
Tier-2 ISP
Tier 1 ISP
NAP
Tier 1 ISP
Tier 1 ISP
Tier-2 ISP
Tier-2 ISP
Tier-2 ISP
Structure d’Internet
• …et ainsi de suite
Virtual
Tier 3
ISP
ISP
Clients des ISP
de plus haut
niveau pour la
connectivité à
l'Internet
Tier-2 ISP
local
ISP
Tier-2 ISP
Tier 1 ISP
NAP
Tier 1 ISP
Tier-2 ISP
local
local
ISP
ISP
36
local
ISP
local
ISP
Tier 1 ISP
Tier-2 ISP
local
ISP
Tier-2 ISP
local
ISP
2.1 Introduction
Structure d’Internet
Dans son voyage de bout en bout, un paquet va donc traverser
plusieurs AS, et plusieurs routeurs dans chaqun des AS
Virtual
Tier 3
ISP
ISP
local
ISP
local
ISP
Tier-2 ISP
local
ISP
Tier-2 ISP
Tier 1 ISP
Tier 1 ISP
Tier 1 ISP
Tier-2 ISP
local
local
ISP
ISP
Tier-2 ISP
local
ISP
Tier-2 ISP
local
ISP
References
• Organismes
– http://www.ietf.org
• IETF (Internet Engineering Task Force)
– http://www.isoc.org
• Internet Society
– http://www.w3c.org
• World Wide Web Consortium
– http://www.ieee.org
• IEEE (Institute of Electrical and Electronics Engineers)
– http://www.acm.org
• ACM (Association for Computing Machinery)
• Optional reading
– « A brief history of the Internet », by those who made the history
http://www.isoc.org/internet/history/brief.shtml
37
38
D. Rossi – RES224
?? || //
38
2.2 Les applications client-server
RES 224
Architecture des applications Internet
Les applications Internet
dario.rossi
Dario Rossi
RES224
http://www.enst.fr/~drossi
v250811
Plan
• Terminologie et perimetres de RES224
•
Application et Protocoles
• Architectures applicatives vs Architectures reseaux
•
•
Applicatives: Client-server, Content distribution networks,
Peer-to-peer
Reseaux: IP Multicast, Content centric networking
• Couche applicative et couches TCP/IP
•
•
Interactions
Interface (socket)
• Type d’applications et mesure de performance
•
•
•
Applications orientés donnés vs application multimedia (voix, video)
Quality of Service (QoS) vs Quality of Experience (QoE)
Choix du protocole de transport
• References
39
40
D. Rossi – RES224
Que sont les applications ?
User
•
application
transport
network
data link
physical
Router
•
AS1
AS2
Billing •
Server
Video
Server
application
transport
network
data link
physical
application
transport
network
data link
physical
•
Raisons d'être des réseaux
informatiques
Nombreuses types:
– accès distant, email, transfert de
fichiers, newsgroups, forums de
discussion, Web, multimédia
téléphonie, vidéoconférence,
audio et vidéo à la demande, etc.
Vagues de popularité:
– Mode texte (1980s) Web (1990s)
P2P (2000s) Social (2010s):
Souvent : logiciels distribués entre
plusieurs systèmes
– Communication entre les
applications
Applications: une vue d’ensemble
•
“Application” est un terme abusé ou
imprecis
– L’application de messagerie c’est
votre logiciel mail preferé ?
•
On definira plusieurs aspect qui sont
commun aux applications
– Architecture
– Procole
– Processus:
Architecture
Hote
Agent utilisateur
Socket
Protocole
Socket
Daemon
Serveur
• agents et daemons
– Communication inter-processus
• Sockets
40
2.2 Les applications client-server
Applications réseaux : processus
– programme applicatif qui
s’exécute sur un hôte
– définies par le système
d’exploitation
– des messages applicatifs
– avec un protocole de couche
application
• Ces processus peuvent avoir
un role different en fonction
de l’architecture
• Le processus émetteur et
récepteur supposent qu'il
existe une infrastructure de
transport en-dessous
RES223
INF
• Deux processus
communiquent sur un même
hôte avec des communications
interprocessus
• Deux processus s’éxécutant
sur deux hôtes différents
communiquent en échangeant
RES224
• Les entités communicantes
sont des processus, soit
Les protocoles
Les humains utilisent des protocoles sans arrêt… un example avec Alice et Bob
Bonjour
Bonjour
T’as du feu ?
…
Protocoles humains:
• Emission de messages spécifiques
– “Quelle heure est-il ?”, “S’il vous plait”, “Veuillez agréer” …
•
Actions spécifiques accomplies après réception de messages ou d'événements
particuliers
41
42
D. Rossi – RES224
Protocoles applicatifs
•
Définissent :
– Le type des messages
• Requête, réponse…
application
transport
network
data link
physical
– La syntaxe des types de messages :
• Format des champs du message
– La sémantique des champs,
• La signification des champs
– Les règles de communication
• Déterminent quand et comment un
processus envoie des messages et
y répond
•
application
transport
network
data link
physical
application
transport
network
data link
physical
Protocoles applicatifs
– du domaine public
• Définis dans les IETF RFC (ex HTTP,
SMTP, client-server)
• Definis dans autres fora (e.g., Gnutella,
BitTorrent BEP, etc.)
– Propriétaires
• ex KaZaA, Skype, téléphonie IP,
Architectures applicatives
• Terminologie
Service consumer
Communication
logique L4/L7
Service producer
Internet
Infrastructure
physique
Local/regional nets
Servers
8
42
2.2 Les applications client-server
Architectures: Client-server
• Paradigme client-server
– Problemes de passage à l’echelle
9
Architectures: Client-server
• Le côté client d'un système terminal
communique avec le côté serveur
d'un autre système
• Le serveur doit servir toutes le requetes
de plusieurs clients (problemes de charge)
• Examples
client
application
transport
network
data link
physical
•
Web :
– navigateur Web = côté client de HTTP
– serveur Web = côté serveur de HTTP
• Email :
– Serveur émetteur = côté client de SMTP,
– Serveur récepteur = côté serveur de SMTP.
application
transport
network
data link
physical
Les applications Internet typiquement s’appuient
sur deux entités: le client et le serveur
43
44
D. Rossi – RES224
Architectures: Client-server
Client :
• Demande un service
• Initie le contact avec le serveur,
ouverture active de la connession
• Implementé dans un logiciel usager
• Web browser, mail reader, …
Client
application
transport
network
data link
physical
Serveur:
• Propose des services
• Reste à l’écoute pour des requetes de service
• Implementé dans un daemon
Server
• Le serveur Web, SMTP, …
Remarque :
• Les applications client-server peuvent etre
centralisés
• Une même machine peut implémenter les
côtés client et serveur au meme temps
application
transport
network
data link
physical
Les applications Internet typiquement s’appuient
sur deux entités: le client et le serveur
Architectures: CDN
• Content distribution network (CDN)
– Infrastructure couteuse
12
44
2.2 Les applications client-server
Architectures: CDN
Client
•
Content distribution networks
– Business de replication de
contenu le plus proche à l’usager
– But: eviter le cout de transit
customer-provider entre AS et ne
le payer qu’une seule fois
application
transport
network
data link
physical
• Examples
– Videos YouTube (pre-google era),
patches Microsoft, Antivirus
– 28 services CDNs commerciaux
en 2011, parmi les plus connus
Akamai, Limelight,
CDN
application
transport
network
data link
physical
application
transport
network
data link
physical
Architectures: Multicast, CCN
RES223,
RES343,
…
• IP Multicast, Content Centric Networking CCN
– Complexes (IP multicast utilisé pour TV over IP)
14
45
46
D. Rossi – RES224
Architectures: Peer-to-peer
• Paradigme P2P
Couche application (deployment facile)
Use toutes les resources (scalable)
Ressources en periferie (deplace couts)
15
Architectures: Peer-to-peer
Peer
peer
• Joue le role de client et server à la fois
• Client, demande des service à d’autres peers application
transport
• Serveur, fournit des services à d’autres peers network
Remarques :
• Les serveurs sont des machines dediés,
mises en place par un fournisseur de services
•
•
46
L’application client-server peut faire
assumption que les serveurs soient
toujours disponibles (sauf panne).
Les peers sont des machines d’usager, qui ne
fournit donc aucune garantie de service
•
•
data link
physical
Les applications doivent faire assumption
que les peers ne soient pas toujours disponibles
Les applications peer-2-peer sont fortement distribués
application
transport
network
data link
physical
2.2 Les applications client-server
Interaction
L7 overlayPeer-to-peer
vs IP underlay
Architecture:
Les applications
• •Paradigme
P2P Internet (L7 OSI) posent
sur l’infrastructure TCP/IP sous-jacente
P2P
overlay
IP
underlay
17
Interaction L7 overlay vs IP underlay
• Les applications Internet (L7 OSI) posent
sur l’infrastructure TCP/IP sous-jacente
L7
overlay
Interaction L7/L3:
applications vs
couches TCP/IP
IP
underlay
18
47
48
D. Rossi – RES224
Interaction L7 overlay vs IP underlay
• Control du trafic emis (“network friendly” lorsque
competition equitable par rapport à TCP)
L7
overlay
Problematique
type L4, solutions
autres que TCP
(e.g., Skype,
BitTorrent, etc.)
IP
underlay
19
Interaction L7 overlay vs IP underlay
• Routage applicatif du trafic (“network aware” quand le
trafic est localisé autant que possiable au sein du ISP)
$$
L7
overlay
Problematique
type L3, solutions
autres que IP, RIP,
OSPF et BGP
IP
underlay
AS1
AS2
20
48
2.2 Les applications client-server
Socket: Interface applicative TCP/IP
•
•
Socket: Application program interface (API)
– Porte d'entrée des données du reseau d'un processus applicatif
– Interface entre la couche application et les couches TCP/IP
Le développeur contrôle la partie application des sockets
– il n'a que peu de contrôle sur la partie transport: choix
du protocole et ajustement de quelques paramètres
process
process
socket
socket
TCP/IP
TCP/IP
Internet
driver
driver
NIC
NIC
Contrôlé par le
développeur de
l'application
Contrôlé
par l'OS
Contrôlé
par le fabricant
Software
Software
Hardware
NIC = Network interface card
Socket: Interface applicative TCP/IP
• Traduction
• Sockets:
– Type de protocole de transport
– Addresse IP de la machine
– Addresse TCP du processus
(numero de port)
– Service d’annuaire pour la
translation d’addresses (DNS)
• Remarque: focus de RES224,
details dans la suite
– Regles pour les numeros
de port (/etc/services)
• Addresses
– Point de vue human: URL
• Remarque: focus de RES223,
rappel dans la suite
• http://www.google.com
– Point de vue réseau
• Remarque
• L3: Addresses IP
• L4: Numero de port
– Le quintuplet (IPs,Ps,IPd,Pd,proto)
est unique dans le reseau
http://www.google.com
drossi@enst.fr
TCP/IP
137.192.164.1:37562
Internet
TCP/IP
74.125.39.180:80
49
50
D. Rossi – RES224
Adressage: point de vue transport
•
•
•
•
Numéro de port: Entier sur 16bits (=65K), double fonctionalité
Multiplexage (numeros ephemères > 32K)
Un client telecharge deux
– Permet de différencier parmi les processus locaux fichiers en parallel à partir
auxquels le message contenu dans le datagramme du meme serveur HTTP:
il ne voudrait pas que les
IP recu doit être transmis
paquets se melangent au
niveau TCP !
Resolution (numeros reservés < 32K)
– Permet un addressage simple et deterministe au
Une fois resolu l’adresse
niveau transport
IP d’un serveur Web, on
– Well-known port numbers : RFC 1700, /etc/services connait déjà le port du
• E.g., 80 pour le serveur Web, 53 pour le DNS, etc. service HTTP (on evite
ainsi la 2eme resolution)
Remarques
– Un nouveau numéro de port est affecté à chaque nouvelle
application par IANA (affectation generalement suivie)
– Un serveur Web peut tourner sur un autre port (eg 8080) ,
une appli P2P peut tourner sur un port arbitraire (eg 80, 53)
– Les applicatif P2P n’utilisent pas/plus de numero de port
standard (e.g., pour se cacher)
Processus: Agents et Daemons
Agent utilisateur
• Implemente le coté client d’un ou
plusieurs protocoles applicatif
–
–
Implémentation du côté client du
protocole HTTP: processus qui envoie et
reçoit les messages HTTP via un socket
Implementation de l’interface avec
l’usager (visualisation + navigation +
plugins + etc. ) qui depasse le cadre
protocolaire et de RES224
•
Effectue l’open active de la
connession TCP (cfr RES223)
• Utilise (obbligatoirement)
un port ephemere
Exemples:
• DNS
– Nslookup, dig
• Web
– Browsers: Mozilla, Chrome, IE
– Crawlers: wget, …
• Rapatrie un site Web, ou partie d’un
site, effectue un mirror, …
50
Daemon
• Implemente le coté serveur d’un
protocole applicatif
• Reste à l’ecoute des requetes en
provenance des agents utilisateurs
(open passive)
• Utilise (generalement)
un port reservé
Exemples
• DNS
– Berkeley Internet Name Domain
(BIND)
• Web
– Apache, Microsoft Internet
Information Server,
– Squid (proxy)
2.2 Les applications client-server
Socket: Quel protocol de transport ?
• TCP et UDP fournissent des
service tres differnet
– (cfr. RES223/RES240)
application
transport
network
data link
physical
• Lequel choisir ?
– Étude des services fournis
par chaque protocole
– Etude du type de contenu
de l’application
– Sélection du protocole qui
correspond le mieux
aux besoins de l'application
• Beaucoup de protocoles de
transport existent
– TCP: Transport Control
Protocols
– UDP: User Datagram Protocol
– RSVP: Resource reSerVation
Protocol
– SCTP: Stream Control Transport
Protocol
– DCCP: Datagram Congestion
Control Protocol
– T/TCP: Transaction TCP
– RUDP: Reliable UDP
– etc.
Socket: Quel protocol de transport ?
• Types de flux liés
au type de contenu
– Data
•
•
•
•
Taille des paquets (Bytes)
Flux HTTP
Wb
e-mail
telechargement
...
Taille determinée par
TCP: train de paquets
taille MSS, suivi par ACK
– Multimedia
• Video (on
demand,
broadcast)
• Telephone
• ...
• … avec different
requis pour leur
transport!
Flux Skype
Taille determinée par
l’encodeur de la voix (à
bitrate variable)
Numero de paquet
51
52
D. Rossi – RES224
Socket: Quel protocol de transport ?
• Types de flux liés
au type de contenu
Temps d’interarrivée (sec)
Flux HTTP
– Data
•
•
•
•
Wb
e-mail
telechargement
...
Temps determiné par RTT
(~20ms) entre 2 trains,
pacquets back-to-back
(~0ms) pendant un train
– Multimedia
• Video (on
demand,
broadcast)
• Telephone
• ...
• … avec different
requis pour leur
transport!
Flux Skype
Temps determiné par
l’encodeur de la voix (à
bitrate variable)
Numero de paquet
Socket: Quel protocol de transport ?
Qualité de Service (QoS)
(network-centric)
Qualité d’Experience (QoE)
(user-centric)
•
•
•
•
•
Bande passante (Throughput)
Bits ecoulés par unité de temps
Probabilité de perte (Loss rate)
Probabilité qu’un packet arrive avec
des erreurs detectables mais
pas corrigeables (wireless)
Probabilité qu’un packet soit perdu
à une file d’attente (wired)
Delai (Delay)
Temps avant que le pacquet arrive
Gigue (Jitter)
Variabilité du delai
Faciles à mesurer, objectifs, peu
parlant vis à vis des applications
52
Orienté données
– Temps de completement
(Completion time)
– Reactivité pour applications
interactives
– Fiabilité
– …
•
Multimedia
–
–
–
–
Peak Signal to Noise Ratio (PSNR)
Mean Opinion Score (MOS)
Structural similiarity (SSIM)
Percetpual Evaluation of Video
Quality (PEVQ)
– …
Compliqués, couteuses, pas
d’entente à niveau mondiale
2.2 Les applications client-server
Flux orientés données
• Examples
– Web, telechargement, sessions interactives, e-mail
• Besoin primaire: fiabilité
–
–
–
–
L’information doit etre transmise sans erreur,
En cas d’erreur, il faut retransmettre
L’information doit arriver dans le meme ordre!
Utilisent la bande passante disponible (applications élastiques)
• Autres characteristiques:
– Pas de contrainte real-time
• Un delai de 3 second pour le debut de l’affichage
limite typique pour un service de type Web
• Edition de texte à distance bcp plus interactif
(terminaux, Google documents)
– Telechargement un fichier peut etre long
• …mais il devrait etre le plus court possible
Flux de streaming
• Example:
– Contenu multimedia
– Audio (radio) or video
(television) generé en real-time
Packet
sequence
number
Source
• Besoin primaire: coherence
temporelle
– Ni accelerer ni decelerer!
– Maintenir la bande passante
constante
Deadline
Receiver
Frozen stream
• Remarque:
– Estimer ou connaitre le delai du
reseau (end-to-end delay)
– Introduir un delai avant de
commencer la vision (playout
buffer)
Delay
Playout buffer
Time
53
54
D. Rossi – RES224
Flux voix
•
Transmission numerique
– Echantillonage, quantification,
codage avant de transmettre
•
•
Echantillonage du signal sur un
spectre de 4 kHz (après Nyquist
8000 samples per second )
•
Quantification à 256 niveaux
(8 bits par echantillon)
Besoin primaire
– eviter délai long et/ou
très variable
– Signal lent, assez robuste
aux pertes
•
Pulse Code Modulation (PCM)
Amelioration possibles
– Suppression de silences (ou
description de silences pour
reduire silence innaturel)
– Encodage de differences (pour
reduire bits de quantification)
– Compression “lossy“
(suppression des frequences
moins importantes)
01001100
time
•
Flux de 1 byte chaque 125 µs
(64 kbit/s de bande passante)
Flux voix
• Type de flux
– Pas besoin d’une bande passante importante
• PCM : 64 kbit/s ; iLBC (Skype) : 13,3 kbit/s ; GSM : 13,3 kbit/s
– Petit taille de paquet (80 bits to 1 kbit)
– Temps entre paquet egalement petit (<100 ms)
• Characteristiques
– Besoin de limiter le delai end-to-end
– Pas possible d’utilizer des techniques de “buffering”
• Maximum “mouth-to-ear” delai tolerable: 300 ms
(45 ms si il n’y a pas de suppression d’echo)
– Robuste contre les pertes
• qualité plus que acceptable avec 15% de perte
• Moins robuste si on utilise de la compression
(il n’y a plus de information redundante)
54
11001111
2.2 Les applications client-server
Flux video
• Contraintes similaires à la
voix, mais debit important
–
–
–
–
• Codage MPEG
– I-frames: “Intracoded” figure
complete JPEG (~1 chaque
seconde)
– P-frames: “predictive”, delta
par rapport à la precedente
– B-frames: “bidirectional”,
differences de la precedente
et suivante!
– D-frames: “DC coded”, utilisé
pour “fast-forward” (~1
chaque seconde)
TV : 720 x 576 pixels
16 bits de profondeur de couleur
25 images par second
166 Mb/s flow si pas comprimé
• La compression est donc très
importante
– MPEG1: qualité VCD 1-2 Mbps
– MPEG2: qualité DVD 5-10 Mbps
– MPEG4: qualite HDTV 20-60
Mbps
• Idée: exploiter redondances
spatiales et temporelles
I
I
B B
P
B B
B B
P
D’autres types de flux existent
•
Online gaming
– Très sensible au delai (quelques centaines
de ms, end-to-end)
– Debit typiquement peu important
•
Flux multimedia
– Transportent different types de flux (video,
voix en plusieurs langues, sous-titres, ...)
– Necessite aussi de gerer la synchronization
•
Jam-session distribuée
– Playback temps réel (50ms maximum, <20
preferablement)
– Debit potentiellement bas (MIDI) our elevé
(6 Mbps sequencing @192 kHz, 32bit)
– Example applications: Musigy, eJamming,
• Autres flux
– Pas associé à un service
specifique
• Toutes les applications
dependent de leur
fonctionnement!
– Flux de controle du reseau
• Information de controle,
routing, etc.
• Operation and management,
verification des liens, …
– Services applicatif mais
“transparents”
• Translation de noms DNS
• Signalization et notification
d’appel
• Mise en place de securité
55
56
D. Rossi – RES224
Applications, QoS et transport
Application
Transfert de fichiers
e-mail
Web
Audio/vidéo Temps réel
Pertes
Sans pertes
Sans pertes
Sans pertes
tolérant
Audio/vidéo enregistré
Jeux interactifs
Messagerie instantanée
tolérant
tolérant
Sans pertes
Application
e-mail
Accès distant
Web
Transfert de fichiers
streaming multimedia
Téléphonie sur IP
Bande passante
élastique
élastique
élastique
audio: 5Kb - 1Mb
vidéo:10Kb - 5Mb
idem
Quelques Kbps
élastique
Protocole applicatif
SMTP [RFC 821]
telnet [RFC 854]
HTTP [RFC 2068]
FTP [RFC 959]
Propriétaire (RealPlayer)
Propriétaire (Skype)
Sensible au delai
Non
Non
Non
Oui,
<100’s ms
Oui, quelques s
Oui, 100’s ms
Oui et non
Protocole transport
TCP
TCP
TCP
TCP
TCP ou UDP
En général UDP
Mais TCP est de plus en plus utilisé pour contourner
les limitations de securité (e.g., firewalls) mises en place
Dans la suite…
56
Service
Addressage
Protocole
DHCP, DNS
Transport
orienté donnés, UDP
eMail
Acces aux donnés
VoD
P2P
P2P VoIP
P2P BitTorrent
SMTP/POP+IMAP TCP
HTTP, FTP
TCP
YouTube
bang-bang over TCP
*
souvent les deux
Skype
UDP, TCP si necessaire
BitTorrent
UDP depuis 2010
Remarque
rapidité avant
fiabilité
interaction L7/L4
interaction L7/L4
controle L7
controle L7
2.2 Les applications client-server
?? || //
57
58
D. Rossi – RES224
RES 224
Architecture des applications Internet
dario.rossi
Addressage:
DNS et DHCP
Dario Rossi
RES224
http://www.enst.fr/~drossi
v250811
Plan
•
•
Introduction
L’espace de nommage DNS
– Nom et labels,
– Root et TLD
– Zones et domaines
•
Base d’information du DNS
– Ressources
– Example de base
•
Architecture et protocole DNS
– Résolution de noms
– Format de requetes/reponses
– Examples de resolution
•
Apercu du protocole DHCP
– Machine à étas finis
– Format des messages
•
58
References
2.3 Addressage: DNS et DHCP
Domain Name System (DNS)
Introduction
• Le niveau 2 relie physiquement les
équipements sur la base d’une adresse
physique (MAC)
• Le niveau 3 relie les équipements
logiquement entre eux sur la base d’une
adresse logique (IP)
• Le niveau 4 relie les applications entre elles
sur la base d’un identifiant (port)
• Le niveau 7, et donc les usagers, références
les équipements par un nom
Application
Transport
Network
Data link
Physical
– Nom symbolique « intuitif ou facile ».
– Plus simple à retenir qu’une adresse
59
60
D. Rossi – RES224
Introduction
•
Internet, grand réseaux dynamique
– Beaucoup d'adresses dans le réseau
– Adresses dynamiques et adresses statiques
•
On associe aux adresses IP un nom
symbolique
– Plus « agréable » à mémoriser qu'un
numéro
– Les noms doivent être uniques
– Nécessité de tables de correspondance
(exemple: /etc/host, HOST.TXT)
•
• Table distribué
Resolution (IP, nom)
– ARPANET: mis-à-jour periodique et
centralisée de la base (chaque nuit),
puis rediffusion à tous les hotes
– Probleme: Internet grandit
– Solution: table distribué
– Extension de l’adresse à la
notion de ressource
• Ressources correspondantes
à des addresses
– Organisation de l’espace de
nommage en domaines
• Chaque domaine gere ces
correspondances
Organismes
•
Internet Corporation for Assigned Names and Numbers (ICANN)
– Assure la gestion des noms des adresses et des identifiants de ports etc.
•
Internet Assigned Numbers Authority (IANA)
•
Regional Internet Registries (RIRs)
– Assure le travail technique de ICANs
– Delegation du travail de IANA
– RFC1466 définit les règles d'allocation des adresses IP aux RIR et aux LIR
•
60
RIRs
– APNIC (Asia Pacific Network Information Centre)
– ARIN (American Registry for Internet Numbers) qui a en charge les
Amériques et une partie de l'Afrique subsaharienne;
– RIPE NCC (Réseaux IP Européens - Network Coordination Centre) qui a
en charge l'Europe, le Moyen-Orient, l'ex-URSS et la partie de l'Afrique
non couverte par ARIN.
– AfriNIC (African Regional Network Information Centre)
– LACNIC (Latin American and Caribbean IP address Regional Registry).
2.3 Addressage: DNS et DHCP
Domain Name System (DNS)
• Les composantes du DNS
–
–
–
–
–
Un espace de nommage
Une base de données (spécification des ressources)
Un protocole pour interroger la base
Une architecture: resolver (client) et serveur
Configuration du client et server
• Plusieurs RFCs décrivent l’annuaire Internet:
– RFC 883 et 884 ensuite 1034 et 1035
• 1984: Paul Mockapetris définis le DNS
– RFC 1032, 1033, 1034, 1035, 1101, 1122, 1123, 1183, 1713,
1794, 1912, 1995, 1996, 2010, 2136, 2137, 2181, 2308, 2317,
2535-2541, 2606, etc.
• Optional readings RFC1034 et RFC1035
Espace de nommage
•
•
•
Structure d’arbre avec une racine
– La racine (root) est représentée par un point « . »
Un nœud représente un domaine
– À chaque nœud de l’arbre est associé un label
– Les informations associées à chaque nœud du domaine
sont contenus dans une base et gérées par ce nœud
(en fait, cela est simpliste… plus de details dans la suite)
– Chaque nœud peut avoir des fils, dont le labels doivent
etre différent (pour garantir l’unicité)
.
it
fr
x
z
Label
– Désigné par des caracteres alphanumériques et « - »
• En fait, limitation de praticité, car 255 valeurs seraient possibles…
mais ne sont pas sur le clavier !
y
– La taille maximum d’un label est de 63 caractères
– Pas de sensibilité à la casse (case insensitive)
• A nouveau, pratique courante et pas limitation technologique
61
62
D. Rossi – RES224
Espace de nommage
•
Nom de domaine
– Concatenation de labels sur un chemin donné
• Séparé par des dots « . » du point de vue des etres humains
• Suite de pair (longueur, label) du point de vue des messages du reseau
– La taille d’un nom de domaine est au maximum de 255 characterès
• La profondeur de l’arbre est limitée par cette taille
•
Nom de domaine complet
– Fully Qualified Domain Name (FQDN )
– doit etre unique dans le reseau (pas d’ambiguité dans la resolution)
– est composé de l’ensemble des labels d’un feuille de l’arbre jusqu’à la racine
• Par default, le DNS ajoute le nom de domaine locale (e.g., www deviens www.enst.fr.)
• Le « . » finale est souvent omis (mais www.enst.fr deviens www.enst.fr. )
•
Hormis la premiere, le choix des labels est laissé aux besoins des usages
– Le choix de www.enst.fr. est pour retrouver intuivement le nom de la machine
de l’ENST qui supporte une application WEB.
Espace de nommage
root
.
tld
edu
mil
gov
com
net
int
ddn
ibm
hp
nic
www
www
org
fr
…
ca
enst
infres
rms
62
ch
tsi
siav
2.3 Addressage: DNS et DHCP
Root
•
Root server
– Par definition, au plus haut de
la hierarchie
a NSI Herndon, VA
– points d’entrée dans le
c PSInet Herndon, VA
système de résolution globale
d U Maryland College Park, MD
g DISA Vienna, VA
– Ils ont un rôle de « reroutage »
h ARL Aberdeen, MD
des résolutions
j NSI (TBD) Herndon, VA
– Connaissent tous les autres e NASA Mt View, CA
root server
f Internet Software C. Palo
– Connaissent tous les TLDs Alto, CA
– [a-m].root-servers.net
– Essayez
• dig @a.root-servers.net
b.root-server.net
•
k RIPE London
i NORDUnet Stockholm
m WIDE Tokyo
b USC-ISI Marina del Rey, CA
l ICANN Marina del Rey, CA
Site de référence
– http://www.root-servers.org/
– http://www.publicroot.net/hint.txt
Root
L ettre
ancien nom
A
B
C
ns1.isi.edu
D
terp.um d.edu
H
I
VeriSign
USC -ISI
Cogent
University of
M aryland
NASA
E
F
G
O rganisation
ISC
U.S. DoD N IC
U.S. Arm y
aos.arl.arm y.m il
Research Lab
ns.nic.ddn.m il
nic.nordu.net
Autonom ica
J
VeriSign
K
R IPE NCC
L
M
ICA N N
W ID E Project
Ville / Etat
D ulles(*), Virginie,
M arina del Rey, C alifornie
D istribution par anycast
C ollege Park, M aryland,
M ountain View, Santa C lara
C ounty, C alifornie
N airobi, distribution par anycast
C olom bus, O hio
A berdeen Proving G round,
M aryland
Stockholm , Suède, distribution
par an ycast
D istribution par anycast
Londres, R oyaum e-Uni,
distribution par anycast
Los Angeles, C alifornie
T okyo, distribution par anycast
R égion
(continent)
États-Unis
États-Unis
États-Unis
États-Unis
K enya
États-Unis
États-Unis
U nion
européenne
U nion
européenne
États-Unis
Japon
63
64
D. Rossi – RES224
Top-Level Domain
• Les Top-Level Domain (TLD):
– Domaines de premier niveau (RFC1591)
– Connaissent tous les root server
– Connaissent les serveur delegués de
sous-domaine
• Deux types
– ccTLD: country code TLD
• ex. fr, ca, ma, us, de, …
• http://www.icann.org/cctld/cctld.html
– gTLD: generic TLD
• ex. com, org, net, …+ 7 nouveaux biz, aero, name, pro, musuem,
info et coop et encore récemment mobi
• http://www.icann.org/gtld/gtld.html
Domaine vs Zone
•
•
Domains et zones
– Un domain identifie une sous arborescence de l’espace de nommage
(Domain = lieu topologique)
– Une zone contient une base avec l’ensemble des informations
associées à ce nœud (Zone = borne administrative)
La délégation
– Un nœud délégue la gestion à un nœud fils, ceci devient une zone
• Ce qui confère la distribution des donnés au sein du DNS
• Ceci permet aux TLD de deleguer toutes les nombreuses sous-zones
(e.g., plusieurs millions de site.com.)
– Le nœud père doit être en possession des adresses où se trouvent la
base d’information des fils auxquels il a delegué des zones
• ‘‘Glue records’’ pour eviter references circulaires dans la resolution
64
2.3 Addressage: DNS et DHCP
Espace de nommage
Domaine fr
Zone fr
Zone enst
fr
enst
infres
edf
tsi
rd
siav
prod
…
rms
…
Espace de nommage
Domaine= sous-arbre,
lieu topologique
Zone= forme arbitraire,
bornes administratives
Zone
enst
ses
fr
edf
enst
Zone
infres
…
rms
infres
tsi
siav
rd
prod
Domaine
enst
65
66
D. Rossi – RES224
Domaine vs Zone
•
•
•
Zone
– Administré séparément.
– Une zone peut être subdivisée en plusieurs zones.
– L'autorité d'une zone est déléguée à une personne qui est chargée
de créer des serveurs de domaine
– Remarque: il existent des boites dont le business est de gerer
des bases de donnés DNS pour des tiers
À chaque fois qu'une zone est créé,
– L'administrateur alloue un nom à cette zone (verifié avec RIR),
– Notifie les adresses IP des serveurs DNS de sa zone à la zone père
– Les noms de machines dans cette zone sont inseré dans le database.
Remarque: pour une zone on a obligatoirement
– un serveur primaire et un serveur secondaire.
– Le serveur secondaire copie la base du premier (zone transfer).
– La difference n’est que dans le nom, les deux serveurs sont pareils
Service DNS
66
•
Le service principale du DNS consiste dans la resolution de noms:
– Associer une adresse IP à un nom
– Associer un nom à une adresse IP (résolution inverse)
– Associer un nom à une ressource
•
La résolution de nom est basé sur un modèle client/serveur
– Le serveur est celui qui détient les informations
– Chaque serveur est autoritaire sur sa propre zone
– Il consulte d’autres serveurs DNS au delà du périmètre de sa zone
•
Notion de serveur autoritaire
– Autoritaire: serveur responsable de l’information, concernant sa zone,
qu’il est en train de communiquer (le secondaire est aussi autoritaire )
– Non autoritaire: serveur qui détient l’information mais qui n’est à
l’origine de celle-ci (information retenue temporairement)
2.3 Addressage: DNS et DHCP
Ressources et base d’information du DNS
• La base d’information:
– Contient des enregistrements ou Ressources Records (RR)
– Un enregistrement représente une ressource de l’annuaire
et une association entre plusieurs objets
• Enregistrement de type Start Of Authority (SOA) :
– indique l'autorité sur la zone.
– contient toutes les informations sur le domaine:
• le délai de mise à jour des bases de données entre
serveurs de noms primaires et secondaires,
• le nom du responsable du site
• Enregistrements de type Name Server (NS) :
– les adresses des serveurs DNS responsables de la zone
Ressources et base d’information du DNS
• Enregistrement de type Adresse (A , A6, AAAA):
– définit les noeuds fixes du réseau ceux qui ont des
adresses IP statiques
• Enregistrements de type Mail eXchanger (MX) :
– Identifie les serveurs de messagerie (recepteur)
• Enregistrements de type Canonical Name (CNAME):
– définit des alias sur des noeuds existants.
• Enregistrement de type Pointeur (PTR):
– résolution de noms inverse dans (domaine in-addr.arpa.)
• Pour chaque RR, le DNS garde:
– Le nom, le type, la classe, la durée de vie, la valeur
67
68
D. Rossi – RES224
Example
enst.fr.
IN SOA ns1.enst.fr. hstr.enst.fr. (
20001210011 ; numéro de série
10800
; rafraîchissement (REFRESH)
3600
; nouvel essai (RETRY)
604800
; Obsolescence (EXPIRE)
86400 )
; TTL minimal de 1 jour
enst.fr.
IN NS ns1.enst.fr. ; commentaire
enst.fr.
IN NS ns2.enst.fr. ; enst.fr peut être
;remplacé par @
@
IN NS ns1
IN NS ns2
Example
ns1.enst.fr.
ns2.enst.fr.
smtp.enst.fr.
localhost.enst.fr.
www
ftp
enst.fr.
IN
IN
IN
IN
IN
IN
IN
A
A
A
A
CNAME
CNAME
MX
1.0.194.137.in-addr.arpa. IN PTR
68
137.194.192.1
137.194.160.1
137.194.200.1
127.0.0.1
ns1.enst.fr.
ns2.enst.fr.
smtp.enst.fr.
ns1.enst.fr.
2.3 Addressage: DNS et DHCP
Architecture/Protocole DNS
• Norme (assez) stable
– RFC 1034 : concepts et facilités du DNS
– RFC 1035 : spécification de l ’implémentation
• Protocole
–
–
–
–
Paradigme client-server, fortement distribué
Messages de type requête/réponse, format binaire
Besoin primaire: rapidité, eviter lourdeur, fiabilité
Transport: UDP et TCP
• UDP plus rapide (evite three way handshake)
• La taille des messages UDP est limité à 512 octets
• Si la réponse est supérieure à 512 octets, elle est tronquée, la
requête est retransmise une deuxième fois mais basée sur TCP
• TCP pour transfer de zone
Architecture/Protocole DNS
• Transfer de zone
– Implementé comme query DNS (ressource AXFR)
– Le serveur secondaire copie la base de données
du server primaire avec TCP (fiabilité impérative)
– Debut et fin par le SOA
• Numero de serie incrementale pour confronter versions
• Policy
– Polling periodique effectué par le serveur secondaire
– Effectué chaque REFRESH secondes
– En cas de problemes, re-essaye chaque RETRY
secondes
– Problemes persistent: la base est jetée après EXPIRE
sec
69
70
D. Rossi – RES224
Architecture/Protocole DNS
• Modalités d’interrogation
– Mode iteratif
• Obligatoire
• Complexité sur le le client
– Mode récursif
•
•
•
•
Optionnel
Complexité sur le serveur
Difficile pour troubleshooting en cas de panne
Benefique pour le cache
• En pratique
– Recursif jusqu’au serveur DNS locale
– Iteratif depuis le serveur DNS locale
Resolution
Resolution recursive
de type A pour y.x.com
2
.
3
Remarque:
La reponse dans le cache du resolver
pourra servir les prochaines requetes
6
fr
it
5
7
enst
4
com
x
z
y.x.com
8
DB
ns1
Cache
Cache
1
70
www
y
Lien logique
Lien physique
Requete
Reponse
2.3 Addressage: DNS et DHCP
Resolution
Resolution iterative
de type A pour y.x.com
2
Remarque:
La reponse dans le cache du resolver
pourra servir les prochaines requetes
.
3
fr
it
com
4
enst
x
5
y.x.com
8
DB
ns1
www
y
Cache
Cache
6
1
z
Lien logique
Lien physique
Requete
Reponse
7
Format des requêtes/réponses
1
32
IDENTIFICATION
FLAGS
NBR. DE QUESTIONS
NBR. DE REPONSES
NBR. DE RRs AUTORITAIRES
NBR.de RRs SUPPLEMENTAIRES
QUESTIONS
REPONSES
AUTORITAIRES
INFORMATIONS SUPPLEMENTAIRES
71
72
D. Rossi – RES224
Format des requêtes/réponses
•
•
Identification (16 bits): pour associer une réponse à une requête
Flags (16 bits):
– 1 QR : Question = 0 , Réponse = 1
– 2 OPCODE (3 bits)
0 question standard / 1 question inverse / 2 requête de statuts du serveur
–
–
–
–
–
–
–
–
5 AA: = 1 Authorative Answer
6 TC : = 1 Truncated Response
7 RD: = 1 Recursion Desired sinon question itérative
8 RA : = 1 Recursion Allowed indique le support de la récursion
9 Reserved : = 0
10 AD Authentic Data
11 CD Checking Disabled
12 RCODE (4bits) Reponse Code
•
•
•
•
•
•
•
0 Pas d’erreur.
1 Erreur de format, question non interprétable.
2 Problème sur le serveur.
3 Nom dans la question n’existe pas
4 Type de la question n’est pas supporté
5 Question refusée.
6-15 Réservées
Format des requêtes/réponses
Question
Nom
Type
Classe
Nom
5
v
e
r
d
i
4
e
n
s
t
2
f
r
0
FQDN
72
2.3 Addressage: DNS et DHCP
Format des requêtes/réponses
Type
Symbole
Valeur
Description
type
A
1
Adresse IP
x
type de
demande
x
NS
2
Nom du serveur de nom autoriaire
x
x
CNAME
5
Nom canonique
x
x
PTR
12
Pointeur
x
x
HINFO
13
Information sur le host
x
x
MX
15
Serveur de messagerie
x
x
AXFR
252
Requête pour zone de transfert
x
ANY / *
255
Requête pour tous enregistrement
x
Format des requêtes/réponses
Class
1= (IN) Internet address
2 = Non attribué ou non supporté
3 = Réseau Chaos du MIT
4 = attribué au MIT pour Hesiod
73
74
D. Rossi – RES224
Format des requêtes/réponses
Réponse
Nom
Type
Classe
Durée de vie de la réponse (TTL)
Longueur de la donnée
Donnée
Example
• Démonstration et analyse de trafic
Question:
00 07 cb 4c 40 e1 08 00 46 60 d6 42 08 00 45 00
00 38 46 32 00 00 80 11 28 b9 c0 a8 00 0a d4 1b
36 fc 04 18 00 35 00 24 35 ab a2 b3 01 00 00 01
00 00 00 00 00 00 03 77 77 77 03 6c 63 6c 02 66
72 00 00 01 00 01
74
2.3 Addressage: DNS et DHCP
Example
• Démonstration et analyse de trafic
Question:
00 07 cb 4c 40 e1 08 00 46 60 d6 42 08 00 45 00
00 38 46 32 00 00 80 11 28 b9 c0 a8 00 0a d4 1b
36 fc 04 18 00 35 00 24 35 ab a2 b3 01 00 00 01
00 00 00 00 00 00 03 77 77 77 03 6c 63 6c 02 66
72 00 00 01 00 01
Ethernet / IP / UDP / DNS
Example
• Démonstration et analyse de trafic
Question:
00 07 cb 4c 40 e1 08 00 46 60 d6 42 08 00 45 00
00 38 46 32 00 00 80 11 28 b9 c0 a8 00 0a d4 1b
36 fc 04 18 00 35 00 24 35 ab a2 b3 01 00 00 01
00 00 00 00 00 00 03 77 77 77 03 6c 63 6c 02 66
72 00 00 01 00 01
ID / QR OPCODE AA TC RD / RA Z RCODE
75
76
D. Rossi – RES224
Example
• Démonstration et analyse de trafic
Question:
00 07 cb 4c 40 e1 08 00 46 60 d6 42 08 00 45 00
00 38 46 32 00 00 80 11 28 b9 c0 a8 00 0a d4 1b
36 fc 04 18 00 35 00 24 35 ab a2 b3 01 00 00 01
00 00 00 00 00 00 03 77 77 77 03 6c 63 6c 02 66
72 00 00 01 00 01
QDCOUNT / ANCOUNT / NSCOUNT / ARCOUNT
Example
• Démonstration et analyse de trafic
Question:
00 07 cb 4c 40 e1 08 00 46 60 d6 42 08 00 45 00
00 38 46 32 00 00 80 11 28 b9 c0 a8 00 0a d4 1b
36 fc 04 18 00 35 00 24 35 ab a2 b3 01 00 00 01
00 00 00 00 00 00 03 77 77 77 03 6c 63 6c 02 66
72 00 00 01 00 01
3 www 3 lcl 3 fr 0 / TYPE / CLASS
76
2.3 Addressage: DNS et DHCP
Example
• Démonstration et analyse de trafic
Réponse:
08 00 46 60 d6 42 00 07 cb 4c 40 e1 08 00 45 00
00 56 00 00 40 00 38 11 76 cd d4 1b 36 fc c0 a8
00 0a 00 35 04 18 00 42 17 48 a2 b3 81 80 00 01
00 02 00 00 00 00 03 77 77 77 03 6c 63 6c 02 66
72 00 00 01 00 01 c0 0c 00 05 00 01 00 00 01 e1
00 02 c0 10 c0 10 00 01 00 01 00 00 01 e1 00 04
c1 6e 98 37
Example
• Démonstration et analyse de trafic
Réponse:
08 00 46 60 d6 42 00 07 cb 4c 40 e1 08 00 45 00
00 56 00 00 40 00 38 11 76 cd d4 1b 36 fc c0 a8
00 0a 00 35 04 18 00 42 17 48 a2 b3 81 80 00 01
00 02 00 00 00 00 03 77 77 77 03 6c 63 6c 02 66
72 00 00 01 00 01 c0 0c 00 05 00 01 00 00 01 e1
00 02 c0 10 c0 10 00 01 00 01 00 00 01 e1 00 04
c1 6e 98 37
Ethernet / IP / UDP / DNS
77
78
D. Rossi – RES224
Example
• Démonstration et analyse de trafic
Réponse:
08 00 46 60 d6 42 00 07 cb 4c 40 e1 08 00 45 00
00 56 00 00 40 00 38 11 76 cd d4 1b 36 fc c0 a8
00 0a 00 35 04 18 00 42 17 48 a2 b3 81 80 00 01
00 02 00 00 00 00 03 77 77 77 03 6c 63 6c 02 66
72 00 00 01 00 01 c0 0c 00 05 00 01 00 00 01 e1
00 02 c0 10 c0 10 00 01 00 01 00 00 01 e1 00 04
c1 6e 98 37
ID / QR OPCODE AA TC RD / RA Z RCODE
Example
• Démonstration et analyse de trafic
Réponse:
08 00 46 60 d6 42 00 07 cb 4c 40 e1 08 00 45 00
00 56 00 00 40 00 38 11 76 cd d4 1b 36 fc c0 a8
00 0a 00 35 04 18 00 42 17 48 a2 b3 81 80 00 01
00 02 00 00 00 00 03 77 77 77 03 6c 63 6c 02 66
72 00 00 01 00 01 c0 0c 00 05 00 01 00 00 01 e1
00 02 c0 10 c0 10 00 01 00 01 00 00 01 e1 00 04
c1 6e 98 37
QDCOUNT / ANCOUNT / NSCOUNT / ARCOUNT
78
2.3 Addressage: DNS et DHCP
Example
• Démonstration et analyse de trafic
Réponse:
08 00 46 60 d6 42 00 07 cb 4c 40 e1 08 00 45 00
00 56 00 00 40 00 38 11 76 cd d4 1b 36 fc c0 a8
00 0a 00 35 04 18 00 42 17 48 a2 b3 81 80 00 01
00 02 00 00 00 00 03 77 77 77 03 6c 63 6c 02 66
72 00 00 01 00 01 c0 0c 00 05 00 01 00 00 01 e1
00 02 c0 10 c0 10 00 01 00 01 00 00 01 e1 00 04
c1 6e 98 37
3 www 3 lcl 3 fr 0 / TYPE / CLASS
Example
• Démonstration et analyse de trafic
Réponse:
08 00 46 60 d6 42 00 07 cb 4c 40 e1 08 00 45 00
00 56 00 00 40 00 38 11 76 cd d4 1b 36 fc c0 a8
00 0a 00 35 04 18 00 42 17 48 a2 b3 81 80 00 01
00 02 00 00 00 00 03 77 77 77 03 6c 63 6c 02 66
72 00 00 01 00 01 c0 0c 00 05 00 01 00 00 01 e1
00 02 c0 10 c0 10 00 01 00 01 00 00 01 e1 00 04
c1 6e 98 37
C0 0C = 11000000 00001100 => Offset Ptr +12 (to 0x03)
79
80
D. Rossi – RES224
Example
• Démonstration et analyse de trafic
Réponse:
08 00 46 60 d6 42 00 07 cb 4c 40 e1 08 00 45 00
00 56 00 00 40 00 38 11 76 cd d4 1b 36 fc c0 a8
00 0a 00 35 04 18 00 42 17 48 a2 b3 81 80 00 01
00 02 00 00 00 00 03 77 77 77 03 6c 63 6c 02 66
72 00 00 01 00 01 c0 0c 00 05 00 01 00 00 01 e1
00 02 c0 10 c0 10 00 01 00 01 00 00 01 e1 00 04
c1 6e 98 37
CNAME / Internet / TTL=8m / Size of Ptr Len / Ptr
Example
• Démonstration et analyse de trafic
Réponse:
08 00 46 60 d6 42 00 07 cb 4c 40 e1 08 00 45 00
00 56 00 00 40 00 38 11 76 cd d4 1b 36 fc c0 a8
00 0a 00 35 04 18 00 42 17 48 a2 b3 81 80 00 01
00 02 00 00 00 00 03 77 77 77 03 6c 63 6c 02 66
72 00 00 01 00 01 c0 0c 00 05 00 01 00 00 01 e1
00 02 c0 10 c0 10 00 01 00 01 00 00 01 e1 00 04
c1 6e 98 37
C0 0C = 11000000 00010000 => Offset Ptr +16 (to 0x03)
80
2.3 Addressage: DNS et DHCP
Example
• Démonstration et analyse de trafic
Réponse:
08 00 46 60 d6 42 00 07 cb 4c 40 e1 08 00 45 00
00 56 00 00 40 00 38 11 76 cd d4 1b 36 fc c0 a8
00 0a 00 35 04 18 00 42 17 48 a2 b3 81 80 00 01
00 02 00 00 00 00 03 77 77 77 03 6c 63 6c 02 66
72 00 00 01 00 01 c0 0c 00 05 00 01 00 00 01 e1
00 02 c0 10 c0 10 00 01 00 01 00 00 01 e1 00 04
c1 6e 98 37
TYPE/ CLASS/ TTL / Data Len / 193.110.152.55
Example
drossi@nonsns:~$ dig www.lcl.fr
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23398
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.lcl.fr.
IN
A
;; ANSWER SECTION:
www.lcl.fr.
417
lcl.fr.
417
CNAME
A
IN
IN
lcl.fr.
193.110.152.55
;; Query time: 50 msec
;; SERVER: 212.27.54.252#53(212.27.54.252)
;; WHEN: Thu Dec 20 22:21:20 2007
;; MSG SIZE rcvd: 58
81
82
D. Rossi – RES224
Résolution de nom inverse
Conclusions et remarques
• Protocole simple et flexible
– Déploiement et mise en œuvre rapide
– Adapté à plusieurs réseaux / usages
(voir SPF dans le cours SMTP)
• Plusieurs attaques structurelles possibles
– Nécessité de laisser passer le trafic DNS
(pas de filtrage)
– Exposé aux attaques mais suffisement robuste
• Talon d’Achille de l’Internet
–
–
–
–
82
9/11 twin towers (cfr. TD)
Ne supporte pas tous types de ressources
Évolutions RFC4423 (Host Identity Protocol, HIP)
Internet of things ?
2.3 Addressage: DNS et DHCP
Dynamic Host Configuration
Protocol (DHCP)
Protocole DHCP
•
DHCP
–
–
–
–
•
Basé sur Bootp + extensions (“backward compatibility)
RFC 2131 (updated 3396, 4361, 5494)
Client/server, request/reponse
Format PDU binaire sur UDP (port 67/68)
Fonctionnalités
– Gestion centralisé de l’allocation de ressource (addresses IP)
– Mise en place automatique de paramètres de configuration
• Addresse IP, netmask, default GW, DNS resolver
83
84
D. Rossi – RES224
Protocole DHCP
• En brief:
– Le client émet en broadcast un paquet de type DHCPDISCOVER,
pour identifier les serveurs DHCP disponibles
– Le serveur répond par un paquet DHCPOFFER (broadcast), qui
contient les premiers paramètres
– Le client établit sa configuration et envoie un DHCPREQUEST
pour valider son adresse IP
– Le serveur répond par un DHCPAK avec l’adresse IP pour
confirmer l’attribution.
DISCOVER
OFFER
OFFER
REQUEST
ACK
Protocole DHCP
DHCP Discover
C
DHCP Offer
Eth
macC
FF:FF:FF:FF:FF:FF
Eth
macS
macC
IP
0.0.0.0
255.255.255.255
IP
IPs
IPoffered
UDP
68
67
UDP
67
68
DHCP
Type: Discover
Transation ID: x
Opts: Hostname, preferred IP
DHCP
Type: Offer
Transaction ID: x
Params: netmask, gw, DNS,
lease time, …
S
Discover
Offer
DHCP Request
84
Eth
macC
FF:FF:FF:FF:FF:FF
IP
0.0.0.0
255.255.255.255
UDP
68
67
DHCP
Type: Request
Transation ID: x
Opts: Hostname, IPoffered,
DHCP server IPs
DHCP Ack
Request
Ack
Eth
macS
macC
IP
IPs
IPc
UDP
67
68
DHCP
Type: Ack
Transaction ID: x
Params: mask, gw, DNS, lease
2.3 Addressage: DNS et DHCP
Protocole DHCP
• Baux DHCP (DHCP lease)
– Prêt d’un adresse IP donnée pour une durée limitée (soft state)
– Demande (par le client) de prolongation du bail : DHCPREQUEST
– Optimisation des adresses IP en jouant sur la durée des baux
• Courte durée pour les réseaux où les ordinateurs se branchent
et se débranchent souvent,
• Longue durée pour les réseaux constitués en majorité de machines fixes.
• Mode Client/Serveur
– Les clients : machines disposant du protocole TCP/IP, et d’une application
DHCP (pump, dhclient)
– Les serveurs : machines ou routeurs configurés manuellement disposant du
service serveur DHCP (dhcpd)
– Fonctionne au-dessus d’UDP; les échanges sont à l’initiative des clients
Protocole DHCP
NACK
NACK
Init
Init/ Reboot
NACK
Discover
Selecting
Decline
Rebooting
Nack
Request
Collecte des messages Offers
Request
ACK
Requesting
Rejet des messages
Offer non valides
ACK
ACK
Rejet des messages
Offer/Ack/Nack
Bound
Expiration
bail
Rebinding
Expiration
du délai
ACK
Renewing
85
86
D. Rossi – RES224
Protocole DHCP
Allocation d’adresses IP
Statique
Manuelle
Adresse fixée
par l’administrateur
Automatique
Adresse fixée
définitivement
Dynamique
Dynamique
Adresse prêtée pour
une certaine durée (bail)
DHCP
References
• Optional reading:
– D.Wessel and M. Fomenkov, Wow, that’s a lot of
packets, Passive and Active Measurement (PAM),
2003
http://www.caida.org/publications/papers/2003/
dnspackets/wessels-pam2003.pdf
86
2.3 Addressage: DNS et DHCP
?? || //
87
30/08/20
88
D. Rossi – RES224
RES 224
Architecture des applications Internet
Accès au données
dario.rossi HTTP et FTP
Dario Rossi
RES224
v250811
http://www.enst.fr/~drossi
Plan
• Web
•
•
•
•
Histoire du Web
Architecture du Web
Le protocole HTTP
Performance
• FTP
• Apercu du protocole
• Connectivité
88
30/08/20
2.4 Accès aux données: HTTP et FTP
HTTP
Histoire du World Wide Web
•
•
•
•
•
•
1945,
1965,
1989,
1991,
1993,
1994,
•
•
•
•
•
•
•
•
•
•
1994,
1995,
1995,
1996,
2001,
2004,
2005,
2008,
2009,
2010,
Vannevar Bush's memex
Ted Nelson invente le mot "Hypertext"
Tim Berners Lee (CERN) debut du Web
première demonstration publique
Marc Anderson, (Univ. of Illinois at Urbana Champaign), Mosaic
World Wide Web Consortium agreement (http://www.w3c.org),
signé par MIT et CERN
Java (SUN Microsystems) rencontre le Web
Netscape devient une societé à la bourse
JavaScript
Internet Explorer commence la guerre des browsers
estimation de la taille du “deep Web”
Web 2.0
AJAX
YouTube deuxième moteur de recherche après Google
Twitter et l’Iran,
facebook, ou comment inviter 20000 personne à ton anniversaire
89
30/08/20
90
D. Rossi – RES224
Architecture du Web
Architecture du Web
Client HTTP
protocole HTTP
Browser
HTTP Proxies
Interaction HTTP / TCP
90
HTML
Serveur HTTP
Server
Focus de
RES224
RES240
30/08/20
2.4 Accès aux données: HTTP et FTP
Architecture du Web
• Hebergement (Web hosting)
– Hebergement de plusieurs
p’tit sites sur une seule
machine (eg. Geocites)
– Services d’hebergement
encore existent (eg. lately,
virtual HTTP servers)
GeoCities was shut down
26 Oct 2009. There were
at least 38 million userbuilt pages.
Architecture du Web
• Server farms
– Enormement de machines
pour faire face a à la charge
due aux nombre de clients
– Cela marche pour des
bottleneck de CPU, mais
pas de capacité
(un des centres)
Google
91
30/08/20
92
D. Rossi – RES224
Architecture du Web
• CDN
User
– Specialisés dans la
diffusion du contenu
– Redirection des requetes
CDN
AS1
AS4
• via DNS
(cfr optional readings)
• via HTTP redirection
(plus loin dans le cours)
CDN
AS2
CDN
– Multi-B$ business
CDN
• ~30 market players
• Akamai, Limelight
AS3
Video
Server
Vocabulaire du Web
Page Web:
Agents utilisateur
•
•
Ensemble d’objets
–
–
•
Page HTML de base
Objets (images, fichiers, …)
référencés par des URLs
Uniform Resource Locator (URL)
proto://nom.de.domaine:porte/chemin/d/acces.htm
•
Browser
– MS Internet Explorer, Firefox, Chrome, ..
Crawler, spider
– Wget, DeeperWeb, WebCrawler, …
Daemon
•
•
Server Web :
– Apache, Google Web server, MS Internet
Information Server, …
Proxy server
– Squid cache, Apache Traffic Server, …
Internet
http://y.x.com
92
y.x.com
30/08/20
2.4 Accès aux données: HTTP et FTP
Universal Resource Locators
•
Une precision: non seulement les objet HTTP sont désignés par URLs
•
URLs contients Protocole, machine, port, répertoire et fichier…
– …mais aussi parametres (cfr plus tard), etc. et ils peuvent donc
devenir arbitrairement compliqué…
HTML – HyperText Markup Language
• Page HTML interpreté
par le browser
• Page HTML stoqué sur
le server Web
(b)
93
30/08/20
94
D. Rossi – RES224
Documents dynamiques
• HTML pas seulement statique, mais dynamiquement crée
en fonction des demande d’usager
HTTP
• Plusieurs composant de l’architecture Web,
– coté serveur (e.g., CGI, PHP, SHTML)
– coté client (Javascript, Ajax,…)
Remarque: HTTP
intervient seulement
dans quelques cas
HTTP
HTTP
Le protocole HTTP
•
Paradigme client/server
– Client: le browser, qui demande, reçoit, affiche les objets Web
– Serveur: le serveur Web, qui envoie les réponses aux requêtes des browsers
•
Simple protocole requête/réponse
– Importance de normes: interoperabilité
– HTTP1.0 : RFC 1945
– HTTP1.1 : RFC 2068
Win95
IE5
Linux
Firefox
Machine Unix
Netscape
Internet
94
30/08/20
2.4 Accès aux données: HTTP et FTP
Le protocole HTTP
Service de transport (simplifié)
HTTP est « sans état »
•
•
•
Orienté données, donc TCP
Le client initie une connexion TCP
(socket) avec le serveur, port 80
Le serveur accepte la connexion TCP
– Quelle est la porte du client ?
Des messages HTTP (protocole
applicatif) sont échangés entre le
browser (client) et le serveur Web
La connexion TCP est fermée
– Remarque: cela depends
des options et/ou de la
version du protocle
•
•
•
•
•
Le serveur ne maintient aucune
information au sujet des requêtes
précédentes des clients
Pro: simplicité d’implementation,
passage à l’echelle
Contre: manque d’information
Les protocoles « avec état » sont
complexes !
•
•
L’histoire passée doit être gardée
Si le serveur ou le client crashe les
états peuvent être incohérents et il
faut les resynchroniser
Format des messages HTTP : requete
•
•
•
Deux types de messages HTTP : requête, réponse
Format ASCII
Message de requête HTTP :
Ligne de requête
(methode, ressource,
version protocole)
GET /~drossi/index.html HTTP/1.0
Host: www.enst.fr
Connection: close
Lignes User-agent: Mozilla/4.0
d’entête Accept: text/html, image/gif,image/jpeg
Accept-language:fr
Le retour chariot
indique la fin du message
95
30/08/20
96
D. Rossi – RES224
Format de message HTTP : reponse
•
•
•
Deux types de messages HTTP : requête, réponse
Format ASCII
Message de reponse HTTP :
Ligne d'état
(version, code et
message d'état)
Lignes
d’entête
HTTP/1.0 200 OK
Connection: close
Date: Thu, 06 Aug 2002 11:00:15 GMT
Server: Apache/1.3.0 (Unix)
Last-Modified: Mon, 22 Apr 2001 …...
Content-Length: 621
Content-Type: text/html
Vide
Données (e.g.,
html , image)
data data data data data ...
Méthodes
HTTP/1.0
• GET
– Rapatrie des objet
• POST
– Envoie des objet
• HEAD
– Requete d’information de
l’entete concernant l’objet;
– Le serveur laisse l’objet hors
de la réponse
96
HTTP/1.1
• GET, POST, HEAD
• PUT
– Charge le fichier dans le corps
vers le chemin spécifié dans
l’URL
• DELETE
– Efface le fichier indiqué dans
le champ URL
30/08/20
2.4 Accès aux données: HTTP et FTP
(Charger du contenu de formulaire)
Méthode POST
• Une page web peut contenir des
inputs de formulaires
• Input envoyé au serveur dans le
corps du message POST
Méthode GET
• Input envoyé directement dans le
champ URL du message GET
www.somesite.com/q?animal=monkeys&fruit=banana
Examples d’Entetes
97
30/08/20
98
D. Rossi – RES224
Codes de réponse HTTP
200 OK
– La requête a réussi et l’objet demandé est à la suite dans le corps du message
301 Moved Permanently
– L’objet demandé a changé définitivement de place (voir corps du message)
400 Bad Request
– La requête est erronée
404 Not Found
– Le document demandé n’est pas disponible sur le serveur
505 HTTP Version Not Supported
Mechanismes HTTP
• Interaction avec le niveau transport
– Connexion persistantes
– Pipelining des requetes
• Contourner l’absence d’etat de HTTP
– Authorization
– Cookies
• Architecture et performance
– GET Conditionnel
– Redirection
– Proxy HTTP
98
30/08/20
2.4 Accès aux données: HTTP et FTP
Mechanismes HTTP
• Interaction avec le niveau transport
– Connexion persistantes
– Pipelining des requetes
• Contourner l’absence d’etat de HTTP
– Authorization
– Cookies
• Architecture et performance
– GET Conditionnel
– Redirection
– Proxy HTTP
HTTP non persistant
Côté serveur
Côté client
SYN
1a. Le client HTTP initie une
connexion TCP au serveur
HTTP sur le port 80
(open active)
SYN+ACK
2. Le client HTTP envoie les
requêtes HTTP (contenant des
URLs) sur la connexion TCP
temps
5. Le client HTTP reçoit la réponse
contenant le fichier HTML,
l’affiche, et trouve les URLs
référencées
GET
Data
FIN
1b. Le serveur HTTP attend une
connexion TCP sur le port 80.
Il accepte la connexion, et
l’annonce au client (open passive)
3. Le serveur HTTP reçoit le message
de requête, génère le message de
réponse contenant l’objet requis,
et l’envoie sur la connexion TCP
4. Le serveur ferme la connexion TCP
(half close)
6. Les étapes 1-5 sont répétées pour chaque URL référencée
(e.g. images à telechargér), potentiellement en parallel
99
30/08/20
100
D. Rossi – RES224
SYN
RTT
Temps de completement: 2RTT+tTX
• tTX depends de l’etat de la connexion
• Slow start: 1,2,4,8,… segments par
RTT au debut
SYN+ACK
ACK + GET
RTT
World Wide Wait!
• Le browser ne peut que commencer
à afficher les données apres 2 RTT
• Slow-start pour tous les objects
Data + FIN
FINACK
Fermeture Transfert de
connexion données
Temps de réponse: 2RTT
• Un RTT pour la connexion TCP
• Un RTT pour la requete HTTP et le
premier segment TCP de la reponse
HTTP (~1460 octets)
Etablissement
de connexion
Interaction avec TCP
HTTP persistant
Côté serveur
Côté client
SYN
1a. Le client HTTP initie une
connexion TCP au serveur
HTTP sur le port 80
(open active)
SYN+ACK
GET
2. Le client HTTP envoie la requête
HTTP sur la connexion TCP
Data
4. Le client HTTP reçoit la réponse
HTML, les URLs référencées et
envoye >1 requetes (pipelining)
100
GETs
Data
temps
6. Une fois la page completé, le
browser ferme la connexion
(ou sinon le server après un
timeout de k*300s )
1b. Le serveur HTTP attend une
connexion TCP sur le port 80.
Il accepte la connexion, et
l’annonce au client (open passive)
3. Le serveur HTTP reçoit le message
de requête, génère le message de
réponse contenant l’objet requis,
et l’envoie sur la connexion TCP
5. Le serveur envoye les reponses sur
la meme connexion dès que
l’algorithme de controle de
congestionde TCP le permet
(cwnd)
30/08/20
2.4 Accès aux données: HTTP et FTP
Connexion Persistantes et Pipelining
Connexion non-persistante
Connexion Persistante
•
•
•
HTTP/1.0
Le serveur interprète les requêtes,
répond et ferme la connexion TCP
•
•
Probleme (cfr slide suivant)
•
•
•
Au moins 2 RTTs pour lire
chaque objet (handshake)
Chaque transfert doit subir
le slow-start de TCP
Exemple : page contenant:
– 1 HTML + 10 petits JPEG
Performance
•
Remarque
•
Les navigateurs HTTP/1.0 utilisent
plusieurs connexion en parallel !!
Par défaut dans HTTP/1.1 introduite
ensuite dans HTTP/1.0
Une seule connexion TCP
Pipelining: le client envoie les requête de
tous les objets requis dès qu’ils sont
référencés dans le HTML
=> pas obligé d’attendre une reponse
pour envoyer une nouvelle requete
•
Gain en performance pour le client
– Moins de RTTs en debut de connexion
=> moins de delai
– Moins de slow start (maintien des
parametres) => plus de bande passante
Gain en performance pour le serveur
– Moins de ressources employés (socket)
=> plus de clients servis
Mechanismes HTTP
• Interaction avec le niveau transport
– Connexion persistantes
– Pipelining des requetes
• Contourner l’absence d’etat de HTTP
– Authorization
– Cookies
• Architecture et performance
– GET Conditionnel
– Redirection
– Proxy HTTP
101
30/08/20
102
D. Rossi – RES224
Contrôle d'accès
•
Intérêt: accès restreint
•
HTTP fournit des codes et des entêtes
d'état pour permettre l'authentification
GET
– Server: 401 Authorization Required
– Client : Authorization : …
• user name
• Password (en clair!
•
401: authorization req.
WWW authenticate:
HTTP est sans état
GET
Authorization: <cred>
– Le client doit être autorisé à chaque
requête
– Necessaire d’utiliser l’ en-tête
Autorisation: dans chaque requête
– Autrement erreur 401
•
200 OK...
GET
Authorization: <cred>
Totalement insecure
– sauf si utilisé avec SSL/TLS (Secure
Socket Layer / Transport Layer Security)
200 OK...
Cookies
Le cookie, soit
– Un identificatif unique,
transporté dans l’entete HTTP
– Introduisent de l’etat dans
un protocole sans etat
– Elegant, simple, scalable, espion
– Flexible: interpretation arbitraire
– RFC 2109
Quatre composantes
1) Cookie dans HTTP request
2) Cookie dans HTTP response
3) Fichier cookie chez l'utilisateur et
géré par le browser
4) Database derriere le site Web
102
Pros/Cons
– Authorisation implicite
– Caddies (e-commerce)
– État session (Web e-mail)
– Publicité/offre personalisé
– Privacy issues
Proprietés
– Transportés par HTTP
– Gérés au dela de HTTP
– >300 cookies par browser
– >4096 bytes par cookie
– >20 cookie par domaine
– Remarque: 1 cookie =
plusieurs segments TCP
30/08/20
2.4 Accès aux données: HTTP et FTP
Cookies
GET /index.php?id=122
HTTP/1.1
Accept: */*
Referer:
http://www.test.fr/index.
php?id=19
Accept-Language: fr
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0
(compatible; MSIE 7.0;
Windows NT 5.1; .NET
CLR 1.1.4322; .NET CLR
2.0.50727; InfoPath.2)
Host: www.test.fr
Connection: Keep-Alive
Cookie: user=8441e98f05;
TestCookieAlone=ok;
Nombre_visite=6;
Derniere_visite=20%2F12
%2F2006+%E0+09%3A20
HTTP/1.1 200 OK
Date: Wed, 20 Dec 2006
08:20:17 GMT
Server: Apache/1.3.31 (Unix)
PHP/4.4.4 mod_ssl/2.8.18
OpenSSL/0.9.6b
X-Powered-By: PHP/4.4.4
Set-Cookie: user=8441e98f05;
Nombre_visite=6;
expires=Wednesday, 27-Dec-06
08:20:18 GMT
Set-Cookie:
Derniere_visite=20%2F12%2F2
006+%E0+09%3A20;
expires=Wednesday, 27-Dec-06
08:20:18 GMT
Keep-Alive: timeout=15,
Connection: Keep-Alive
GET
200 OK
Setcookie:
GET
Cookie:
DB
Operations
specifiques
au Cookie
200 OK
Contenu
personalisé
Espionnage avec les Cookies
•
•
et
et
representent des image 1x1 pixels, de couleur transparent
ne sont pas hebergés sur site1.com, … mais sur spy.com
Site1.com
Site2.com
Spy.com
<img src=spy.com/img-1.png>
HTML
Img-1
Img-2
HTML
GET
•
•
•
•
•
Site1.com vous renvoye vers Spy.com pour
Spy.com recoit une requete pour img-1, vous
envoye un cookie C, et sait que C a visité Site1
Quand vous visitez Site2.com, votre browser doit
utiliser le meme cookie C pour obtenir img-2, etc.
Spy.com peut alors connaître le comportement de C
En moyenne, environ 80 sites comme spy.com par session
GET
,C
SETC
103
30/08/20
104
D. Rossi – RES224
Mechanismes HTTP
• Interaction avec le niveau transport
– Connexion persistantes
– Pipelining des requetes
• Contourner l’absence d’etat de HTTP
– Authorization
– Cookies
• Architecture et performance
– GET Conditionnel
– Redirection
– Proxy HTTP
GET Conditionnel
•
Objectif
– ne pas envoyer un objet que le
client a déjà dans son cache
•
Problème
–
les objets contenus dans le cache
peuvent être obsolètes
•
Solution
•
Operation
GET
If-modified-since: <date>
– GET conditionnel
– client: spécifie la date de la copie
cachée dans l’entete
If-modified-since: <date>
– serveur: la réponse est vide si la copie
cachée est à jour HTTP/1.0 304 Not
Modified
•
GET
If-modified-since: <date>
Remarque
– Plus efficace que effectuer une
requete HEAD, verifier la date de
l’objet et telecharger si modifié
– HEAD aurait besoin d’un RTT en plus
104
HTTP/1.0
304 Not Modified
HTTP/1.0 200 OK
…
Data
30/08/20
2.4 Accès aux données: HTTP et FTP
HTTP Redirection
YouTube
Web
Frontend
GET get_video?video
_id=XYZ HTTP/1.1
HTTP/1.1 303 See other
location: http://sjcv110.sjc.youtube.com/g
et_video?video_id=XYZ
YouTube
video
server
Geolocalisation
de l’hote, choix
d’un serveur
video proche
peu chargé
GET get_video?video
_id=XYZ HTTP/1.1
200 OK
Video data
Proxy server (Cache Web)
Proxy
server
Interet
– ne contacter le serveur
d’origine que si necessaire
Remarque
– Le cache locale HTTP permet
aux browsers de garder les
pages lues (~/.mozilla/Cache)
– Ce cache n’est pas partagé
Web
server
Deux types de proxy
– Explicite: configuration du browser
pour qu'il pointe vers le proxy server
– Transparent: intercepte et modifie les
packets
Fonctionnement
– Si l’objet est dans le cache, le proxy
le renvoie tout de suite
– Sinon il demande au serveur
d’origine, cache, et répond ensuite
– Proxy = client et serveur
105
30/08/20
106
D. Rossi – RES224
Proxy server (Cache Web)
Principe
• Le cache est proche du client
• Cache partagé par tous les
clients du meme reseau
Cout
• Réduction du débit à l’acces, economie
de bande passante dans le coeur
• Réduction du Opex (facture ISP) avec
investissement Capex (serveur proxy)
N
….
2
Performance
• Réduction du temps de réponse
– Delai plus faible en LAN (<1ms) que
sur Internet (parfois >100ms)
– Capacité plus importante en LAN
(Gbps) que sur le lien d’acces
Privacy?
• …
1
Machine
InternetUnix
Netscape
FTP
106
30/08/20
2.4 Accès aux données: HTTP et FTP
File Transfer Protocol (FTP)
•
Service
– Transfert de fichiers entre hôtes
Chatacteristiques
– RFC 959
– Server FTP: port 21
– Deux connexion: control et data
– Protocole à etat (repertoire,
authentication, ...)
•
•
Paradigme client/server,
– Requete/reponse; format
binaire, textuel, ou compression
– Eventuellement le client peut
instruir une communicaton entre
plusieurs serveurs
Machine Unix
Netscape
Internet
FTP : commandes, réponses
Example de commandes :
Example de réponses :
•
•
•
•
•
•
•
Envoyées comme du texte ASCII
sur le canal de contrôle
USER username
PASS password
LIST renvoie la liste des fichiers
du répertoire courant
RETR filename : rappatrie le
fichier (get)
STOR filename : stocke le
fichier sur l'hôte distant (put)
•
•
•
•
status code et explication
(similaire à HTTP)
331 Username OK,
password required
125 data connection
already open; transfer
starting
425 Can’t open data
connection
452 Error writing file
107
30/08/20
108
D. Rossi – RES224
FTP : commandes, réponses
% ftp hostname
Connected to hostname
Name (hostname:moi):
331 Password required for moi
331 Guest login ok, send e-mail address as password
Password:
230 user moi logged in
Commande internes du logiciel ftp
ftp>
qui implemente le protocole FTP
Commandes internes
– ?, cd, lcd, ls, dir, pwd, open, close, bin, ascii, get, put,
prompt, hash, mget, mput, del, mkdir, quit.
Active FTP
– Connexion de contrôle
– Role: échange des commandes et des
réponses entre le client et le serveur
– contrôle hors-bande (mais capacité
physique partagée avec données)
– Client: open active depuis le port non
privilegié N vers le port 21 du serveur
– Client: envoye PORT N+1 au serveur et
open passive du port N+1
– Connexion de données
– Role: echange de fichiers de données
vers/depuis l'hôte distant
– Server: open active vers le port N+1
du client à partir du port 20
– Souci de connectivité si hote derriere NAT
ou Firewall (SYN vers port N+1 bloqué)
=> passive FTP
TCP
ports
20
N N+1
SYN
SYN+ACK Connexion
de control
ACK
PORT N+1
SYN
Connexion
data
SYN+ACK
ACK
108
21
30/08/20
2.4 Accès aux données: HTTP et FTP
Passive FTP
– Connexion de contrôle
– Role: échange des commandes et des
réponses entre le client et le serveur
– contrôle hors-bande (mais capacité
physique partagée avec données)
– Client: open active depuis le port non
privilegié N vers le port 21 du serveur
– Client: envoye PASV au serveur
– Server: envoye PORT P (P>1023) au
client et open passive du port P
– Connexion de données
– Role: echange de fichiers de données
vers/depuis l'hôte distant
– Client: open active vers le port P du
serveur à partir du port N+1
– “Sens interdit” respecté dans le cas du
Firewall
– Table de association de NAT respecté en
cas d’addresse intranet du client
TCP
ports
21
N N+1
P>1023
SYN
SYN+ACK
ACK
PASV
Connexion
de control
PORT P
SYN
SYN+ACK
Connexion
data
ACK
References
• Mandatory readings
– S. Alckok, R. Nelson, Application flow control in YouTube video
streams, ACM SIGCOMM CCR Vol. 41, No. 2, April 2011
http://dl.acm.org/citation.cfm?id=1971166
– A. Finamore et al. YouTube everywhere: Impact of Device and
Infrastructure Synergies on User Experience, ACM IMC’11, Nov 2011
http://docs.lib.purdue.edu/ecetr/418/
• Optional readinds
– J.C. Mogul, The case for persistent-connections HTTP,
ACM SIGCOMM 1995
http://dl.acm.org/citation.cfm?id=217465
109
30/08/20
110
D. Rossi – RES224
?? || //
110
30/08/20
2.5 eMail: SMTP POP et IMAP
RES 224
Architecture des applications Internet
eMail
dario.rossi
SMTP/POP3+IMAP4
Dario Rossi
http://www.enst.fr/~drossi
RES224
Plan
• eMail
• Architecture
• SMTP + POP/IMAP
• Le protocole SMTP
• Commandes,
• Format de messages
• Apercu de POP/IMAP
• SPAM et email forging
• References
111
30/08/20
112
D. Rossi – RES224
eMail: les principes
• Principes similaires au courrier postale
– Acheminement en fonction de l’adresse de destination
– Incapacité d’authentifier l’adresse de l’expéditeur
– Système asynchrone décorrélation entre l’E/R
• L’émetteur n’attend pas la disponibilité du récepteur
• Le récepteur consulte sa boîte à son rythme
– Pas de garantie de remise des messages
• Acquittement sous le contrôle du récepteur
• Pros/contres
–
–
–
–
Plus rapide que le courrier papier
Meme pas besoin d’un timbre (mais d’un PC et forfait ISP)
SPAM (debut 2000, plus de SPAM que de eMail legitime)
Usage excessif (cause de improductivité)
eMail: Architecture
Message Handling System (MHS)
SMTP
Message Transport System (MTS)
MTA
Message
Transfer
Agent (MTA)
MTA
UA
POP3/IMAP4
MS
MTA
User
Agent (UA)
UA
MS
MTA
UA
112
MS
Mailbox
Storage (MS)
MTA
MS
UA
30/08/20
2.5 eMail: SMTP POP et IMAP
eMail: Architecture
•
•
Agents utilisateurs
– Composition, édition de mail
– Envoye du message vers
server (protocole SMTP)
– Lecture des mails (POP/IMAP)
– Thunderbird, Outlook, elm,
pine, etc.
in
out
Daemons
– Serveur de mail SMTP
– File d'attente des messages
sortants
– Boite à lettre des messages
entrant pour les usagers
locaux
SMTP
Internet
in
out
eMail: Architecture
1) Alice utilise son mailer pour
composer un message; le mailer
d’Alice envoie le message à son
serveur de mail, le message est
mis dans la file de sortie
2) Le serveur de mail effectue un
DNS MX lookup pour trouver le
serveur destinataire
2.
1.
SMTP
DNS MX
3.
SMTP
3) Le côté client du serveur SMTP
ouvre une connexion TCP avec le
serveur mail de Bob, et lui envoye
le message d’Alice
4) Le serveur mail de Bob place le
message dans la boite aux lettres
de Bob, qui consulte la boite avec
POP/IMAP
4.
Internet
POP/
IMAP
113
30/08/20
114
D. Rossi – RES224
Simple Mail Transfer Protocol (SMTP)
Simple Mail Transfer Protocol
• Defini dans RFC 821, 822,
• Upgradés par RFC 2821, 2822, ....
5321 (Octobre 2008)
• Utilisation du port TCP 25
• Example d’implementation:
sendmail, postfix
Interet
• Transfert fiable du message depuis
un client vers un serveur
– Non seulement au niveau TCP,
mais au niveau application
• Transfert direct entre le serveur
émetteur et le serveur récepteur
– Historiquement, transfer
en plusieurs etapes
Characteristiques
• Paradigme Client-server
– Client: émetteur de mail
(PUSH)
– Serveur: récepteur de mail
– A chaque etape, le
serveur deviens client
• Protocole à etat
– handshake (établissement
de la connexion)
– transfert des messages
– Fermeture de la connexion
• Interaction commande / réponse
– Commande : texte ASCII
– Réponse : code d'état + phrase
• Format de messages
– 7bit ASCII
Envoi en plusieurs etapes
Relay
•
•
•
Gateway
•
•
114
Dans quels cas on a besoin de
plusieurs etapes ?
• Apres tout, grace au DNS on
connait le destinataire finale..
Source routing (deprecated)
Serveur SMTP peu puissants
• e.g., ne re-essayent pas la
trasmission, mais deleguent
par default à un Relay SMTP
Different protocoles
• E.g., il faut passer par un
Gateway qui connait les deux
protocoles (SMTP et XYZ)
A chaque passage, il y a une
delegation de responsabilité
pour la fiabilité de bout en bout
30/08/20
2.5 eMail: SMTP POP et IMAP
Protocole SMTP: requetes
•
•
Les requêtes (en ASCII) se terminent par CR LF
Requêtes minimales supportés par toutes les implantations
– HELP
: Renvoie les commandes disponibles
– HELO domaine
: Identification du domaine
– MAIL FROM expéditeur
: Identifie l'expéditeur par son adresse
– RCPT TO récepteur
: Identifie le récepteur par son adresse
– DATA
: Début du corps du message (se
termine par un '.' sur la première
colone seul sur une ligne)
– RSET
: Reset
– VRFY
: Vérifier l'adresse d'une personne
– QUIT
: Fin
Protocole SMTP: reponses
• Les réponses sont composées de trois digits :
–
–
–
–
2XX : Réponse positive
3XX : Réponse positive intermédiaire
4XX : Réponse négative transitoire
5XX : Réponse négative définitive
• Les deux derniers digits précisent le code retour; examples:
–
–
–
–
–
–
220 Service ready
251 User not local the message will be forwarded
354 Start mail input
452 Command aborted; insufficient storage
500 Syntax error; unrecognized command
551 User not local
115
30/08/20
116
D. Rossi – RES224
Example de session SMTP
S:
C:
S:
C:
S:
C:
S:
C:
S:
C:
C:
C:
S:
C:
S:
220 hamburger.edu
HELO crepes.fr
250 Hello crepes.fr, pleased to meet you
MAIL FROM: <alice@crepes.fr>
250 alice@crepes.fr... Sender ok
RCPT TO: <bob@hamburger.edu>
250 bob@hamburger.edu ... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
Do you like ketchup?
How about pickles?
.
250 Message accepted for delivery
QUIT
221 hamburger.edu closing connection
Escape
• Si on écrit un mail avec des lignes qui ne contiennent
qu’un seul point “.”, comment on peut faire ?
– SMTP va interpreter cela comme la fin du message
• Escape!
– En emission:
si la ligne edité par l’emetteur commence par “.”,
on y ajoute un “.” supplementaire au debut
– En reception:
si la ligne commence par un “.”, on l’enleve;
si il ne reste que “CRLF”, c’est bien la fin de DATA
• Trick commun avec les protocoles de niveau 2
– HDLC, PPP
116
30/08/20
2.5 eMail: SMTP POP et IMAP
Format de mail
Format du courriel echangé par SMTP
• Definit dans RFC 822
•
Lignes d'en-tête, (différentes
des commandes SMTP) ex :
– To :
– From :
– Subject :
•
Corps du message
– le texte (et piece jointes) en
caractères ASCII uniquement
•
Pas de besoin de CRC, Checksum…
pourquoi?
En-tête
Ligne
vide
Corps du message
Formats de mail – RFC 822
•
Pour le protocole de mail, pas de difference entre To/Cc:
– Difference psychologique pour les usagers
– Difference entre To/Cc et Bcc (ce dernier est caché au 1ers)
•
From/Sender peuvent differer (e.g., Boss/Secretaire )
117
30/08/20
118
D. Rossi – RES224
Formats de mail– RFC 822
•
•
X- « custom » headers
– X-Confirm-reading-to: « the sender wish to be notified… »
Maintenant beaucoup de header lines pour spam, virus
– X-spam-assassin, X-virus-guardian, …
Exemples d’entete
118
30/08/20
2.5 eMail: SMTP POP et IMAP
Exemples d’entete
119
30/08/20
120
D. Rossi – RES224
Comme commande ou dans l’entete?
• “MAIL FROM” vs “From:”, “RCPT TO” vs “To:”
– Pourquoi en double ?!
• Destinataire multiples (a@a.com, @b.com, @c.com)
– Le meme message est enovyé à plusieurs destinataires par different
commandes RCPT TO vers different serveurs
– Comment pourrait a@a.com savoir de b.com et c.com?
• Mailing list,
– on veut par exemple qu’en cas d’erreur, un message soit addressé à
l’administrateur de la liste et non pas à l’emetteur du message
– Le serveur SMTP en reception substitue la commande MAIL FROM:
avec l’administrateur, les erreurs en phase de transmission lui seront
addressé
– L’entete From: reste unchangé, les appartenant à la liste pourront
repondre à celui qui a ecrit le message
120
30/08/20
2.5 eMail: SMTP POP et IMAP
Format de mail: envoi de donnés non ASCII
• Le corps du mail ne contient que
de caractères ASCII
– Alphabets avec accents (Français,
Allemand)
– D’autres alphabets (Juif, Russe)
– Pas d’alphabet du tout (Chinois,
Japonais)
– Qu’est ce que c’est un alphabet ?
(audio, images, binaire)
• Pour envoyer de données
multimédia ?
– Multi-purpose Internet Mail
Extensions (MIME)
– Défini et mis en service en 1993,
RFCs 1341,2045,2049
– Le but du MIME est de coder
tout ‘attachement’ en caractères
ASCII
En-tête
Corps du message
α
β
Format de message: MIME
•
Lignes supplémentaires dans l'en-tête
du message pour déclarer un contenu
de type MIME
MIME version
Méthode utilisée
pour coder les données
tTpe, sous-type
des données multimédia
(déclaration de paramètres)
Erom: alice@crepes.fr
To: bob@hamburger.edu
Subject: Picture of crepes.
MIME-Version: 1.0
Content-Transfer-Encoding:
base64
Content-Type: image/jpeg
base64 encoded data .....
.........................
.........................
.........................
.........................
Données codées
......base64 encoded data
121
30/08/20
122
D. Rossi – RES224
Format de message: MIME
Types MIME definis à l’origine
Remarque:
Lorsque un nouveau
format de fichier
apparait (e.g., Flash,
3DTV) apparait, il
suffit de declarer un
nouveau type/soustype MIME
Format de message: MIME
From: alice@crepes.fr
To: bob@hamburger.edu
Subject: Picture of yummy crepe.
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=StartOfNextPart
Dear Bob, Please find a picture of a crepe.
--StartOfNextPart
Content-Transfer-Encoding: base64
Content-Type: image/jpeg
base64 encoded data .....
.........................
......base64 encoded data
--StartOfNextPart
Do you want the reciple?
--StartOfNextPart--
122
30/08/20
2.5 eMail: SMTP POP et IMAP
Problemes de SMTP
• Mail storm
– Reference circulaire dans les mailing lists
• l’addresse de la mailing list B est dans la mailing list A
et l’addresse de la mailining list A est dans B…
• Solution: limiter le nombre de “passages” de serveur en serveur
(max 100 “Received:” champs dans l’entete)
– Ca vous rappelle quelque chose ?
• Difference d’implementation (timeouts)
– Considerez les cas: A->B , A->Relay->B
– En cas de problemes transitoires à B, si A re-essaye
pendant
un temps TA, et Relay essaye pendant TR < TA
– On a des niveaux de fiabilité differents
SMTP vs HTTP
Comparaison avec HTTP
Characteristiques SMTP
•
Client
– HTTP client: PULL
– SMTP client: PUSH
•
•
Interaction requete/reponse
Connexion
– utilise des connexions persistantes
(plusieur messages entre serveurs)
– Moins de socket, moins de slowstart, plus de debit sur des gros
volumes (imaginez Aol & Gmail)
•
Messages
– demande que les messages (entête ET corps) soient en ASCII
– Certaines chaînes de caractères ne
sont pas autorisées dans les
messages (ex : CRLF.CRLF)
– Le serveur SMTP utilise
CRLF.CRLF pour reconnaître la
fin du message
– Les messages doivent alors être
codés (généralement en base-64)
– Les 2 ont des interactions
commande/réponse ASCII
et des codes d'état
•
Encapsulation
– HTTP : chaque objet est encapsulé
dans son propre message de
réponse
– SMTP : Un message contenant
plusieurs objets est envoyé dans
un seul message "multipart"
123
30/08/20
124
D. Rossi – RES224
eMail : Protocoles d'accès
•
•
SMTP : livraison/stockage chez le serveur en réception
POP/IMAP/HTTP: protocoles d'accès mail depuis le destinataire
– Post Office Protocol (POP3, RFC 1939)
• Simple: authentication et téléchargement
• Protocole avec etat, peu d’état associé aux messages (lu/non lu)
– Internet Message Access Protocol (IMAP4, RFC 1730)
• Plus de fonctionnalités (plus complexe)
• Manipulation sophistiqué de messages stockés sur le serveur
– HTTP
• Service Webmail type Gmail Hotmail , Yahoo! Mail, etc.
2.
1.
SMTP
DNS MX
4.
Internet
3.
SMTP
POP/
IMAP
Protocole POP3
•
POP3 : Post Office Protocol (version 3)
– Retrait de message sur un serveur de messagerie
– RFC 1939, TCP port 110
– Position du côté de l’UA (Thunderbird, Outlook,…)
– Supporté par tous les serveurs de messagerie
•
Characteristiques
– Paradigme Client/Server de type Requete/Reponse
– Direction des donnés: de MTA vers UA (PULL)
– Format PDU en ASCII
– Les messages sont gérés et manipulés localement coté UA
– Au plus, on peut laisser une copie des messages dans la MS du server
– Peux flexible: un message ne peut être lu que s’il a été récupéré entierement
124
30/08/20
2.5 eMail: SMTP POP et IMAP
Protocole POP3
Phase d'autorisation
•
Format requête
cmd arg1 arg2
Format réponse
-ERR arg1 arg2 …
+OK arg1 arg2 …
Protocole à état
(3 phases):
– Authorization
– Transaction
– Update
•
•
•
Commandes
Authorization
USER nom
PASS passws
QUIT
Transaction
STAT
LIST [msg]
RETR msg
DELE msg
NOOP
RSET
QUIT
S:
C:
S:
C:
S:
+OK POP3 server ready
user alice
+OK
pass hungry
+OK user logged on
Phase de transaction
C:
S:
S:
S:
C:
S:
S:
C:
C:
S:
S:
C:
C:
S:
list
1 498
2 912
.
retr 1
<message 1 contents>
.
dele 1
retr 2
<message 1 contents>
.
dele 2
quit
+OK POP3 server off
Protocole IMAP4
•
IMAP 4 : Internet Message Access Protocol (ver. 4)
– Acces au serveur de messagerie
– TCP port 143, RFC 2060
– Position du côté de l’UA (Thunderbird, Outlook,…)
– De plus en plus supporté par les serveurs de messagerie (Gmail depuis ~2009)
•
Characteristiques
– Paradigme Client/Server de type Requete/Reponse
– Direction des donnés: de MTA vers UA (PULL)
– Format PDU en ASCII
– Initialement conçu pour les stations ayant peu de ressources
=> maintenant bien adapte pour les usageres en mobilité
– Gestion, stockage, état du côté serveur
– Etat associé aux messages (vu, effacé, réponse faite, dossiers, tags)
– Flexible, IMAP4 donne accès aux entêtes des messages
• e.g., entetes telechargés d’abord; corps lorsque on selectionne un message;
les pièces jointes ne sont telechargé que si demandé par l’usager
125
30/08/20
126
D. Rossi – RES224
Protocole IMAP4
Commande
Réponse attendue Description
LOGIN
OK LOGIN
domaine_nt/compte_nt/
alias mot_de_passe
Se connecte à la boîte aux
lettres.
SELECT dossier
Mode du dossier &
OK SELECT
Sélectionne un dossier à
afficher.
FETCH n°_de_message
Texte du message & Récupère le message à l’aide du
OK FETCH
n° de message.
STORE Indicateurs de
message \indicateur
OK STORE
EXPUNGE
OK
Supprime tous les messages
marqués.
LOGOUT
OK
Termine la session.
Marque un message en vue de
sa suppression ou pour lui
affecter l’état Lu/Non lu.
IMAP4 vs POP3
126
30/08/20
2.5 eMail: SMTP POP et IMAP
SPAM
• Attaques sur la messagerie
– Messages non sollicités ou SPAM
• Types d’attaques
– Email bombing
• Emission du même message n fois vers un récepteur
– Email spamming
• Emission du même message vers n récipient
– Email spoofing (forging)
• Emission d’un message avec un identifiant usurpé
– Email phishing
• Email Spamming + Email Spoofing + Fausse URL
• Note: faux URL parfois bien caché !
– Email infection
• Email Spamming + Email Spoofing + malaware
(virus/backdoor/trojan…)
127
30/08/20
128
D. Rossi – RES224
SPAM
• Quel emetteur ?
–
–
–
–
–
–
–
Usurpation des adresses (ip, usagers, serveurs)
Usurpation des comptes utilisateurs
Usage des maileurs officiels et gratuits (yahoo, voila,hotmail, …)
Usurpation des ressources de serveurs relais
Outil de scan de plage d’adresses pour trouver un service sur le port 25
Configuration de compte en forwarding
Mise en place de serveur et domaine officiel pour une courte durée
• Quel recepteur ?
– Récolte des adresses email par Web, news, irc, salon, exploration des
domaines, robots, listes de discussions
– Achat/échanges de listes
– Sous-traitance, Marketing officiel
SPAM
• Consequences
– Pour le réseau:
•
•
•
•
Saturation et occupation de ressources (bande passante réseaux)
Etablissement de connexion TCP pour le serveur de messagerie
Encombrement serveur (beaucoup de messages inutiles à traiter)
Encombrement mailbox client
– Pour les usagers:
•
•
•
•
Nuisance
Détournements des informations et code malicieux
Non conformité aux mœurs
Impact économique
– En debut 2000s SPAM > mail normal
– En 2010, SPAM enormement reduit (~100 botnets)
128
30/08/20
2.5 eMail: SMTP POP et IMAP
SPAM
• Efficacité du SPAM ?
– SPAM au large (e.g., botnets) pas rentable
– Social SPAM (e.g., postcards envoyé sur comptes hackés,
address books personalisé) plus efficace
• Rentabilité du business model ?
– Cfr. Additional readings
SPAM
• Solutions
– Filtrage
• Filtrage sur l’entête (Blacklist, Whitelist, Greylist, …)
• Filtrage sur le contenu (filtres Bayesien, de Bloom, Support Vector Machines ou
technique d’apprentissage/reconnaissance d’images)
• Inconvénient: les faux positifs
– Authentification
• Domains Key, S/MIME,
• Inconvénient: infrastructure de distribution de clés,
– Identification
• Sender Policy Framework (use de DNS RR, cfr. slide suivant),
• Incovenient: necessite d’application globale
– Induire un coût à l’émetteur
• Cout en $ par message
• Inconvénient: pénalise tout le monde et nécessite
de modifier les protocoles sous jacents.
– Bloquer les compte banquaires des spammers
• 3 banques utilisés par >90% de spammers
• Inconvenient: problème de regulation (pas technique)
129
30/08/20
130
D. Rossi – RES224
Email forging
• Don’t try this at home
– Btw, the server knows who you are :)
• Sender Policy Framework (SPF)
– RFC4404 (april 2006)
– Le DNS est deja utile pour trouver le serveur
responsable de recevoir les mails @example.com
• example.com. MX mail.example.com
– Le DNS peut etre utilisé aussi pour definir qui est
authorisé à envoyer les mail de @example.com
• example.com. TXT "v=spf1 +mx a:mail.example.com -all“
– En reception, query TXT d’ example.com.
• Rejection d’un message de la part de guy@example.com
envoyé par d’autre serveur que mail.example.com !
Pas besoin d’outils compliqués… il suffit un terminal
Email forging
• Don’t try this at home
– Btw, the server knows who you are :)
• Sender Policy Framework (SPF)
– RFC4404 (april 2006)
– Le DNS est deja utile pour trouver le serveur
responsable de recevoir les mails @example.com
• example.com. MX mail.example.com
– Le DNS peut etre utilisé aussi pour definir qui est
authorisé à envoyer les mail de @example.com
• example.com. TXT "v=spf1 +mx a:mail.example.com -all“
– En reception, query TXT d’ example.com.
• Rejection d’un message de la part de guy@example.com
envoyé par d’autre serveur que mail.example.com !
130
30/08/20
2.5 eMail: SMTP POP et IMAP
Conclusions
• eMail
– La plus vieille “Killer application” d’Internet
– Architecture plus compliqué, 3 protocoles
– Encore d’actualité (cepandant Facebook et similia)
– Comme les autres applications Internet, evolution
continue (e.g., SPAM comes and goes) et usages
inattendus (IMAP)
References
• Optional readings
– J. Caballero, C. Gier, C. Kreibich and V. Paxon,.
Measuring pay-per Install, The commoditization of
Malware Distribution , USENIX Security Simposium
Aug 2011 ,
http://www.icir.org/vern/papers/ppi-usesec11.pdf
– C. Kanich, et al. Show me the money: characterizing
spam-advertised revenue, USENIX Security Simposium
Aug 2011 ,
http://www.icir.org/vern/papers/ppair-usesec11.pdf
131
30/08/20
132
D. Rossi – RES224
?? || //
132
30/08/20
2.6 Les applications P2P: Introduction et DHT
RES 224
Architecture des applications Internet
Peer-to-peer
dario.rossi
Dario Rossi
http://www.enst.fr/~drossi
RES224
Agenda
• Introduction on P2P
–
–
–
–
Recap on client-server vs P2P paradigms
Interest of P2P paradigm
P2P networks and Overlay graphs
(vanilla) taxonomy of P2P applications
• Finding content (today)
– Napster, Gnutella, DHTs (Chord)
• Diffusing content
– BitTorrent, P2P-TV
• Transmission strategies:
– Skype and BitTorrent congestion control
133
30/08/20
134
D. Rossi – RES224
Client-server paradigm
• Clients:
• Server:
– Runs on end-hosts
– Runs on end-hosts
– On/off behavior
– Always on
– Service consumer
– Service provider
– Issue requests
– Receive services
– Do not communicate
directly among them
– Satisfy requests from
many clients
– Need to know the server
address
– Need a fixed address (or
DNS name)
Client-server paradigm
N-1
N
3
Server S distributes
content to clients 1..N
2
1
134
S
30/08/20
2.6 Les applications P2P: Introduction et DHT
Client-server paradigm
N-1
N
3
Server has to provide all the
necessary upload bandwitdth
2
1
S
Peer-to-peer paradigm
• Peers:
– Runs on end-hosts
– On/off behavior
A
– Service providers and consumers
B
C
– Communicate directly among them
D
– Need to discover other peers
– Need to define communication rules
?
E
– Need to handle peer arrival and departure (churn)
135
30/08/20
136
D. Rossi – RES224
Peer-to-peer paradigm
N-1
N
3
Peers may assist S using
their upload bandwidth
2
1
S
Peer-to-peer paradigm
N-1
N
S
3
Peers-2-peer network do not
necessarily need a server
2
1
136
Notice that:
•Servers are typically
needed for bootstrap
•Servers aren’t needed
for resource sharing
0
30/08/20
2.6 Les applications P2P: Introduction et DHT
Client-server vs Peer-2-peer
• Interest of P2P
N-1
N-1
N
3
3
2
2
1
S
N
1
S
What is the minimum download time under either paradigm ?
Client-server
N-1
F-bits long file
1 server
Us server upload rate
N clients
Di download rate of the i-th client
Dmin = min( Di ) , slowest client
Ti download time of the i-th client
T = max( Ti ), system completion time
N
3
2
1
(1) T >= F / (Us/N) = NF / Us
(2) T >= F / Dmin
S
Assuming simple fluid model, server policy
is to give each of the N peers an equal share
of its rate Us/N, what is T equal to ?
i.e., the download cannot be faster than the
share of the server upload capacity allows
i.e., the download cannot be faster than the
downlink capacity of the slowest peer allows
T >= F/min( Us/N, Dmin )
137
30/08/20
138
D. Rossi – RES224
Peer-2-peer
N-1
F-bits longffile
1 source peer (having the content at time t=0)
Us source peer upload rate
N sink peers
Ui,Di upload & download rate of the i-th peer
Dmin = min( Di ) , slowest peer
Ti download time of the i-th client
T = max( Ti ), system completion time
N
3
2
1
S
Assuming simple fluid model, source gives bits
to peers at rate Si, each peer replicate received
data toward the others N-1 peers at rate <= Si
(1) T >= F / Us
(2) T >= NF /( Us + ΣUi )
i.e., no peer can receive faster than the source can send
i.e., the overall data cannot be downloaded faster than
the aggregated system capacity (with peers) allows
(3) T >= F / Dmin
i.e., the download cannot be faster than the downlink
capacity of the slowest peer allows
T = F/min(Us, (Us + ΣUi)/N, Dmin)
Client-server vs Peer-2-peer
File diffusion time Tmin (sec)
•Interest of P2P
•P2P protocols can offload server capacity, allowing better scaling
•Example with file diffusion, conclusion hold for many services
800
700
600
500
400
300
200
100
0
peer-2-peer
client-server
File size F=10MB,
Peer upload Ui=500 Kbps,
Source upload Us=10 Mbps
Peer download Di >> Ui
10 20 30 40 50 60 70 80 90 100
Number of peers/clients N
138
30/08/20
2.6 Les applications P2P: Introduction et DHT
P2P Overlays
• P2P network is a graph, where edges represent
logical connections between peers
• Logical connection:
– Ongoing communication via TCP , UDP sockets
– Reachability with application layer routing tables
P2P Overlays
• P2P networks are commonly called Overlay
as they are laid over the IP infrastructure
Notice that:
•Not all logical links
are also physical
•Not all physical links
are used
AA
B
Application
Overlay
C
IPa
IPb
IP Network
IPc
139
30/08/20
140
D. Rossi – RES224
P2P Overlays
• P2P overlay graphs are very much different, and
depend on implementation choices
App1
App2
P2P Overlays
• Peers
– Come and go due to their will or due to failures
– Have/have not the resources you are looking for
– May/may not be willing to give the resource
• Challenges
–
–
–
–
140
Effectively locate and share resources
Be resilient face to churn, failures
Scale to possibly several million users
Incentivate peers participation to the system
30/08/20
2.6 Les applications P2P: Introduction et DHT
P2P services
• P2P software spans a fair range of services
– File-sharing and content distribution
– Voice/video call
Filesharing
Live TV / VoD
BitTorrent eDonkey
SopCast TVAnts PPLive Joost
– Television/VoD
– CPU sharing
– Indexing and search
VoIP/Chat
• Structure
Search
SW Updates
– Structured
– Unstructured
– Hierarchical
Skype Gtalk
Kademlia
RapidUpdate
DebTorrent
Apt-p2p,…
– Structure is not tied to a particular service
Unstructured Overlay
• Peers
– arbitrarily connected
• Lookup
– typically implemented
with flooding
• Pro/Cons
– Easy maintenance, diffusion
– Highly resilient
– High lookup cost
• Examples
– BitTorrent, P2P-TV systems, Gnutella (up to v0.4)
141
30/08/20
142
D. Rossi – RES224
Hierarchical Overlay
• Peers and super-peers
– Ps connect to super-Ps
– Super-Ps know Ps resources
• Lookup
– Flooding restricted to super Ps
• Pros/cons
– Lower lookup cost,
– Improved scalability
– Less resilient to super-Ps churn
• Examples
– Skype, eDonkey, Gnutella (v0.6 on)
Structured Overlay
• Peers
– Carefully connected shaped
as a precise overlay topology
• Lookup
– Overlay routing algorithm
are not based on flooding
– Takes advantage of regularity
• Pros/cons
– Effective lookup & great scalability
– Complex maintenance
• Examples
– Distributed Hash Tables (DHTs)
142
30/08/20
2.6 Les applications P2P: Introduction et DHT
P2P problems
– Lookup and routing
• Find the peers having the resource of interest
(e.g., a file or a contact for messaging/calls)
– Diffusion and scheduling
• Ensure timely and effectively diffusion of a
resource (e.g., a file, or a TV stream).
– Transport and congestion control
• Interactive, near real time applications (Skype)
• Background applications (e.g., BitTorrent)
P2P Lookup
143
30/08/20
144
D. Rossi – RES224
P2P Lookup
• Lookup strategies
– Centralized indexing (Napster)
– Query via flooding (Gnutella)
– Distributed Hash Tables (Chord)
• Note
– For the time being, we do not deal with the problem of
what to do after the resource is located on the overlay
Lookup via Centralized Indexing
• Centralized server
– keeps list L of peers ressources
L
• Peers
– keep the ressources R
– notify ressources to server
• at startup
• anytime a new ressource
is added or deleted
144
R
30/08/20
2.6 Les applications P2P: Introduction et DHT
Lookup via Centralized Indexing
• Example
– peer A search for ressources R
stored at peer B
1:R?
– A ask server S location of R
– S reply to A with address of B
2:B!
5:R!
– A contact B and fetches R
A
– A notifies S he owns R
3:R?
B
4:R
– S updates ressources list
Lookup via Centralized Indexing
• Example (2)
– peer C search for ressources R
now stored at peers A, B
1:R?
– C ask server S location of R
2:A,B
– S reply to C with addresses A, B
– C selects best peer among A,B
A
• probes delay, bandwidth, ...
probe
C
B
– C gets R, then notifies S, which updates list L
145
30/08/20
146
D. Rossi – RES224
Lookup via Centralized Indexing
• Pro
– Simple architecture
– Only limited traffic to server (query)
– Peer-centric selection of best candidates
• Cons
– Central database not scalable
A
– Single point of failure
C
B
– Single legal entity (Napster was actually shutdown)
Flooding on Unstructured Overlay
• Peers
– each peer only stores its own content
• Lookup
– Queries forwarded to all neighbors
– Flooding can be dangerous
• generate a traffic storm on the overlay
– Need to limit flooding
• drop duplicated query for the same element
• limit flooding depth (application level Time To Live field)
146
30/08/20
2.6 Les applications P2P: Introduction et DHT
Flooding on Unstructured Overlay
• Example
– A look for R, stored at D, F
H
G
• sets TTL=4, send query to B,C
B
R
D
– B,C haven’t the ressource R
C
• forward query to D, E respectively
A
– D has the ressource
R?
E
F
R
• Route the query back on the overlay
– E hasn't ressource,
• Forward to G, H drops: TTL exceeded, query not reach F
Flooding on Unstructured Overlay
• Example
– A look for R, stored at D, F
H
G
• sets TTL=4, send query to B,C
– B,C haven’t the ressource R
B
R
Voilà R! D
C
• forward query to D, E respectively
– D has the ressource
• Route the query back on the overlay
A
R, please
E
F
R
– E hasn't ressource,
• Forward to G, H drops: TTL exceeded, query not reach F
147
30/08/20
148
D. Rossi – RES224
Flooding on Unstructured Overlay
• Pros
– Query lookup is greedy
– Simple maintenance
– Resilience to fault due to flooding
• Cons
– Flooding sends (too) many messages
– Scalability is compromised
– Lookup may not even find ressources (due to TTL)
Flooding on Hierarchical Overlay
• Peers
– Each peer only stores its own content
• Super-peers
– Indexes the content of the
peers attached to them
• Lookup
– Peers contact their super-peers
– Flooding is restricted to super-peers
148
30/08/20
2.6 Les applications P2P: Introduction et DHT
Flooding on Hierarchical Overlay
• Pros
– Lookup is still greedy and simple
– Efficient ressource consumption
– Hierarchy increases scalability
• Cons
– Increased application complexity
– Less resilient to super-peers churn
– Need to carefully select super-peers
Lookup on Structured Overlay
• Peers
– Arranged on very specific topologies
– Implement topology-dependant
lookup to exploit overlay regularity
• Indexing
– Peers and ressources are indexed
– Structured overlay implement a Hash semantic
• Offer insertion and retrieval of keys
• For this reason, are called Distributed Hash Tables
149
30/08/20
150
D. Rossi – RES224
Lookup on Structured Overlay
• Indexing idea
– take an arbitrary key space;
e.g., real in [0,1]
ressource
– take an arbitrary map function
e.g., colorof(x)
– map peers to colors
λpeer = colorof(peer)
peer
– map ressources to colors
λressource = colorof(ressource)
peer
– assign ressources to closest
peer (in terms of λ)
Lookup on Structured Overlay
• Indexing in practice
(e.g. the Chord DHT)
– Secure Hash SHA1 (B bits)
ID=SHA1(x) in [0,2^B-1]
– Peers are assigned
peerID = SHA1(peer)
– Ressources are assigned
fileID = SHA1(file)
– File is inserted at the peer
whose peerID is closer to
(but not greater than) fileID
– Peers are responsible for
a portion of the ring
150
P2m-1
P1
P8
P14
F10
F15
F38
F50
P32
P56
P38
P51
P48
30/08/20
2.6 Les applications P2P: Introduction et DHT
Lookup on Structured Overlay
• Lookup for a fileID
P2m-1
P1
P8
– Simplest lookup possible
P14
• Every node uses its successor
• Successor pointer needed for
lookup correctness
P8.Lookup(F56)
– Highly inefficient
P21
successor
• Linear scan of the ring
P32
– Longer-reach pointers
P38
• can be used to improve
lookup efficiency
P51
P48
P42
Lookup on Structured Overlay
P2m-1
– Keep a list of log(N) ``fingers''
P1
P8
• pointers to peers at
exponential ID space distance
successor
P14
• 1st finger is at peerID + 2^1
P21
• 2nd finger is at peerID + 2^2
• k-th finger is at peerID + 2^k
• if peerID + 2^k does not exist,
take closest following peer
P32
P56
P38
P51
P48
P42
151
30/08/20
152
D. Rossi – RES224
Lookup on Structured Overlay
fingers
P2m-1
– Keep a list of log(N) ``fingers''
• pointers to peers at
exponential ID space distance
• 1st finger is at peerID + 2^1
•
2nd
finger is at peerID + 2^2
k
1
2
3
4
5
6
P1
P8
finger
+1
N14
+2
N14
+4
N14
+8
N21
+16
N32
+32
N42
+1
+2
P14 +4
+8
P21
+16
• k-th finger is at peerID + 2^k
• if peerID + 2^k does not exist,
take closest following peer
P56
P32
+32
P51
P38
P48
P42
Lookup on Structured Overlay
• Lookup for a fileID
– Idea: make as much progress
as possible at each hop
P2m-1
P1
P8
• Greedy algorithm
P14
– so, choose the finger whose ID
is closest to (but strictly <) fileID
P8.Lookup(F56)
P21
– next hops do the same
– intuitively, distance from
fileID halves at each step
P56
P32
(dichotomic search)
P51
P38
P42
P48
– consequently, mean lookup length
is logarithmic in the number of nodes
– lookup can be recursive or iterative
152
30/08/20
2.6 Les applications P2P: Introduction et DHT
Lookup on Structured Overlay
• Pros
– ``Flat'' key semantic
– Highly scalable
– Tunable performance
• State vs lookup length tradeoff
• Cons
– Much more complex to implement
– Structure need maintenance (churn, join, refresh)
– Difficult to make complex queries (e.g., wildcards)
References
• Optional readings
– I. Stoica et al. Chord: A scalable peer-to-peer lookup service
for Internet applications, ACM SIGCOMM 2001
http://dl.acm.org/citation.cfm?id=964723.383071
153
30/08/20
154
D. Rossi – RES224
Conclusions
• Peer-2-peer systems
– Class of massively distributed, hence scalable,
applications
– Peers play both client and server roles
– Application level network, overlayed on IP
– May offer a number of different services
(lookup, download, VoIP, video, social networking etc.)
– Significant differences between different systems!
– Very fast-paced limitedly-controllable evolution:
Skype was yesterday! today is PPlive… tomorrow!?
– Operators are now interested (not only for law-suit!)
?? || //
154
30/08/20
2.7 Echange de données en P2P: BitTorrent
RES 224
Architecture des applications Internet
P2P: BitTorrent
dario.rossi
Dario Rossi
http://www.enst.fr/~drossi
RES224
Plan
• Acteurs et fonctionnement général
– Swarm, torrent, tracker, seed, leecher, chunks, ...
• Algorithmes et performance
– Strict priority, Rarest first, Tit for tat, Anti-Snubbing,
End-game mode, Chocking/Unchocking, …
– Note: On ne regardera ni le type ni le format de messages
• Bilan
– Efficacité vs complexité
• References
• LEDBAT: control de congestion BitTorrent
– Pas objet du controle
155
30/08/20
156
D. Rossi – RES224
Principes du partage en P2P
•
•
Plusieurs méthodes pour localiser une ressource:
– Méthode distribuée
• Contact direct entre chaque utilisateur
• Gnutella, eDonkey, Skype, ...
– Méthode centralisée
• Contact établi par une entité
• Napter, Bittorrent , ...
Plusieurs méthodes pour rapatrier la ressource:
– Méthode atomique
• Peu efficace: ressource rapatriée en entier à partir d'un seul peer
• Napster, Gnutella (initiellement), …
– Méthode parcellisé
• Très efficace : Ressources rapatriées de plusieurs peers (en parallèle)
• BitTorrent, eDonkey, P2P-TV,…
Principes de BitTorrent
Leecher
File chunks
Chunk transmission
Messages over:
•TCP (old)
•UDP/LEDBAT (new)
156
30/08/20
2.7 Echange de données en P2P: BitTorrent
Terminologie
• Torrent
– Point de depart
– Fichier descriptif de la ressource, contenant aussi l’addresse
IP et numero de port TCP d’un tracker
• Tracker
– Bootstrap server
– Elément central qui permet aux peers de prendre contact
les uns avec les autres (ne possède pas la ressource)
• Swarm
– Ensemble des peers participants au partage d’une meme
ressource
– Consititué par plusieurs types de Peers
• Leecher : Peer qui télécharge
• Seed : Peers qui upload seulement (possède une copie complète)
Terminologie
• Parcelisation
– Permets plusieurs échanges simultanées:
• Upload des chunks dès qu’on les possède
• Download les chunks qu’on ne possède pas
– Le fichier partagé est divisé en plusieurs parties égales
• Appelées Chunks (typiquement 256Ko)
– Divisés à leur tour en plusieurs morceaux
• Appellés Pieces (15Ko)
157
30/08/20
158
D. Rossi – RES224
.torrent
• Fichier .torrent
– Necessaire par un peer pour participer au partage d’une ressource
(e.g., fichier de données) avec BitTorrent
– Localisé avec une methode indépendante de BitTorrent
(en général stoqué sur serveur Web)
• Ce fichier contient:
– Liste des chunks (pour savoir qu’est qu’il faut telecharger)
– Mapping entre les différents chunk (pour reconstruire le fichier
ensuite)
– Checksum des chunk (pour en vérifier l’intégrité)
– L’identifiant d’un tracker (adresse IP/numéro de port)
• Multi-tracking
• Trackerless (Kad DHT, Peer Exchange PEX gossiping)
Tracker
•
Role: connaître les adresses IP et numero de ports des peers:
– Restituer une liste partielle de peers pour un torrent
– Aucune préférence, environ 50 peers choisis aleatoirement
• Meilleurs choix sont possibles: e.g., selection basée sur la
proximité des peers, ou distance inter-AS (IETF ALTO)
•
•
158
Ne posséde pas d’information relative:
– Aux chunks que chaque peer possède
– A la capacité d’upload des peers
Les mises à jour avec le Tracker se font par les peers :
– Périodiquement (environ 30 min)
– Au premier contact (bootstrap)
– Quand un peer quitte le systeme
– Quand un peer a besoin de nouveaux peers
30/08/20
2.7 Echange de données en P2P: BitTorrent
Swarm
• Le swarm a un but
– améliorer les performances de téléchargement
• Pour cela, deux objectifs precis:
– Optimiser le temps de téléchargement du fichier
• plus de seed = plus des sources potentielles
– Contraindre les leechers au téléchargement
• Obliger au partage: pas d’upload, pas de download!
• Pour cela, deux moyens
– Le choix des chunks (et des pièces) à télécharger
– Le choix des peers avec lesquels on échange
Algorithmes
• Pipelining:
– Utilisation de requêtes multiples pour soin de
performance: ouverture de plusieurs connections en
parallèle (environ 5)
– Chaque connection telecharge des pieces
• Selection des pieces:
– augmenter la disponibilité (Rarest First) et la rapidité
d’obtention des chunks (Strict Priority, Random First
Piece)
• Selection des peers:
– Tit for tat = résoudre le dilemme du prisonnier
• Travailler pour le bien de tous pour améliorer ses propres
performances (optimistic unchoking)
• Pénaliser ceux qui ne répondent pas à cette règle
(choke, anti-snubbing)
159
30/08/20
160
D. Rossi – RES224
Pieces: Strict Priority
• But:
– Obtenir le plus vite possible des chunks complets
• Fonctionnement :
– Si on envoie une requête pour une pièce d’un chunk
– Alors on devra envoyer des requêtes pour les autres pieces
du meme chunk en priorité aux autre chunks
• Interet
– L’upload n’est possible qu’une fois le chunk
totalement téléchargé
– Enfait, seulement une fois le chunk téléchargé on peut
verifier son integrité et validité (checksum dans le .torrent)
Chunks: Rarest First
• But:
– minimiser les chevauchements (overlap) des chunks
Non chevauchement
Chevauchement
• Interet:
– Equalization des ressources
• pas de “hotspot” i.e., de ressource peu disponible
– Meilleur utilisation de la capacité disponible
• faire en sorte qu’il y a toujours quelque chose à telecharger
• il est moins probable qu’à un certain instant tous les peers
soient interessés par le meme chunk peu (ou pas) disponible
160
30/08/20
2.7 Echange de données en P2P: BitTorrent
Chunks: Rarest First
• Fonctionnement
– Quand un Peer veut envoyer une requête pour un nouveau chunk
– Il demande aux autres Peers voisins les chunk qu’ils possèdent
– Il envoie une requête pour celui qui est le moins présent
• Remarque
– Le choix Rarest First est locale, car un peer ne contacte
que ses voisins
– Au meme temps, comme le voisinage des Peers change, les
choix locales ont tendance à converger vers de choix
globales
Chunks: Rarest First
On contacte les Peers
pour connaître les chunks
qu’ils possèdent et que
nous n’avons pas déjà
(1,2,3,4)
On comptabilise les
disponibilités de chaque
chunk
On choisit aléatoirement
parmi les plus rares :
Random(2, 3)
161
30/08/20
162
D. Rossi – RES224
Pieces: Random First Piece
• Exception des algorithme précédents
– Quand on vient juste de rentrer dans le systeme,
on ne possède pas encore un chunk
– Probleme: on ne peut pas uploader, pour cela
on doit obtenir rapidement un chunk
• Fonctionnement
– Tant qu’on ne possède pas un chunk complet
– Envoie de requête pour des pièces aléatoires de
chunks
Pieces: Endgame Mode
•
•
•
162
Interet:
– Aider des leecher à devenir des seeds, plus de sources dans le
systeme
Problemes
– Malgré Rarest First, certains chunks peuvent rester globalement
plus rare que d’autres (Rarest First est appliqué localement)
– Aussi, en fin de téléchargement, on est plus contraint sur le choix
des chunks à télécharger
Fonctionnement:
– Pour eviter de rester bloqués, meme si toutes les pièces qu’il nous
reste à telecharger sont toutes hautement demandées
– On envoie une requête pour toutes les pièces manquantes
à tous les peers avec lesquels on communique
30/08/20
2.7 Echange de données en P2P: BitTorrent
Peers: Choke/Unchoke
• Probleme
– Si aucun Peer n’upload, alors le partage est impossible
• Solution
– Enforcer la reciprocité des echanges, en arrêtant l’upload vers des
Peers dont on télécharge peu
• Fonctionnement (toutes les 10 secondes)
–
–
–
–
calculer le taux de téléchargement de chaque voisin
conserver les 4 meilleurs
rétablir l’upload vers ceux qui en font à nouveau partie (unchoke)
couper l’upload vers ceux qui ne figurent plus dans le classement
(choke)
Peers: Optimistic Unchoking
• Problemes
– Empêcher qu’on n’échanges que dans un groupe réduit
– Ne pas exclure les nouveaux arrivant
– Permettre de découvrir d’autres peers (possibilité d’obtenir
une meilleur taux d’upload)
• Solution
– Procès avec choix aletoires (avec une frequence plus lente)
• Fonctionnement (toutes les 30 secondes)
– choix aléatoire d’un peer parmi les 4 vers qui on upload
– on lui coupe l’upload (choke)
– on choisit un peer aléatoirement parmi ceux à qui on
upload le moins
– on lui rétablit l’upload (unchoke)
163
30/08/20
164
D. Rossi – RES224
Peer: Anti-snubbing
• Probleme
– Snub = uploader sans télécharger (inverse du free-riding)
– Lié au choke, quand on ne fait pas partie des 4 meilleurs
uploads des peers avec qui on échange
• Solution
– Se créer les condition pour l’optimistic unchoke
(très peu uploader)
• Fonctionnement :
– Si un Peer, a qui on permet l’upload, nous bloque
pendant plus de 1 min (choke)
– On lui coupe l’upload (choke)
– On attend un optimistic unchoke en notre faveur
avant de rétablit l’upload (unchoke)
Peer: Seeding
• Seeding
– Le seul but d’un seed est d’uploader
• Fonctionnement
– Un seul algorithme proche du choke
– Uploader vers ceux auxquels on upload le plus
– Idée: maximiser le transfer vers ceux qui peuvent
devenir seeds plus rapidement
• Remarque
– Ils existent d’autres algorithmes lié au seeding,
– E.g., au debut quand il n’existe qu’un seul seed
(super-seeding)
164
30/08/20
2.7 Echange de données en P2P: BitTorrent
Bilan BitTorrent: Efficacité
• Localisation
– Connaissances simple des Peers qui partagent grâce
•
•
•
•
Au reseau DHT (trackerless)
À une entité centralisée (tracker)
Possibilité de plusieurs trackers au meme temps (multi-tracker)
Possibilité d’utiliser les methodes multi-tracker et trackerless
au meme temps
• Diffusion
– Diffusion rapide grace
• Chunk permettent le pipelining et telechargement en parallel
• Au politiques de choix des chunks et des peers
• A la dissuasion du free-riding (reciprocation et force à l’upload)
Bilan BitTorrent: Complexité
• Beaucoup d'extension
–
–
–
–
–
Plusieurs trackers
Table de hashage (trackless)
Super-seeding
Encryption
LEDBAT congestion control
• Introduite Decembre 2008
• Default Avril 2010
Client
• Beacoup de clients
– µTorrent, Azureus, BitTornado,
BitTyrant, Xunlei …
• Matrice clients vs extension
– Un seul protocole, mais
beaucoup d’implementations
– Importance de la normalisation
(standards)
– BitTorrent Enhancement Protocol (BEP)
Extension
Supporté
Pas supporté
n/a
165
30/08/20
166
D. Rossi – RES224
References
• Mandatory readings
– P. Marciniak et al., Small is not always beautiful, USENIX IPTPS 2008,
Tampa Bay, FL Feb 2008 http://hal.inria.fr/inria-00246564/en/
– A. Legout et al., Clustering and sharing incentives in BitTorrent, ACM
SIGMETRICS, San Diego CA, Jun 2007,
http://hal.inria.fr/inria-00137444/en/
• Optional readings
– C. Testa and D. Rossi, The Impact of uTP on BitTorrent completion time
IEEE P2P 2011, Kyoto Aug 2011
http://www.enst.fr/~drossi/paper/rossi11p2p.pdf
Pas objet du controle
A crash course on LEDBAT, the new
BitTorrent congestion control protocol
Dario Rossi
Joint work with Claudio Testa, Silvio Valenti,
Luca Muscariello, Giovanna Carofiglio, ...
PAM’10
ICCCN’10
LCN’10
Globecom’10
P2P’11
Zurich
+ Zurich
+ Denver
+ Miami
+ Kyoto
+ ...
April 2010 August 2010 October 2010 December 2010 August 2011
166
30/08/20
2.7 Echange de données en P2P: BitTorrent
News from congestion control world
• BitTorrent announces
closed source code,
data transfer over UDP
• BitTorrent + UDP
= Internet meltdown!
• After BitTorrent denial
and some discussion...
• Everybody agreed that
Internet not gonna die
• But is UTP/LEDBAT
the best approach ?
BitTorrent and LEDBAT
• BitTorrent had to explain itself
– Positive side effect of the Internet meltdown buzz
• BitTorrent co-chairs the LEDBAT IEFT WG
– Low Extra Delay Background Transport Protocol
– delay-based protocol
– designed for low-priority transfers
• Protocol goals
– Efficiently use the available bandwidth
– Keep delay low on the network path
– Quickly yield to regular TCP traffic
Novel ingredient: Congestion
control to relieve self-induced
congestion at the access
• Open questions
– Does LEDBAT really achieve its goals?
– What about BitTorrent implementation of LEDBAT?
page 26
167
30/08/20
168
D. Rossi – RES224
LEDBAT evolution
TCP
v5.2.2
Oct ‘08
α1
v1.9-13485
Dec ‘08
α2
v1.9-15380
Mar ’09
β1
v1.9-16666
Aug ‘09
RC1
v2.0.1
Apr’10
Open source
Closed source
First LEDBAT draft
Draft as WG Item
After IETF 77
Simulation
Testbed
Testbed
Testbed
Packet size [Bytes]
1500
α2
β1
TCP
α1
vv1.9-13485
v1.9-15380
1.9-16666
v5.2.2
Mar
Aug
‘09
’09
Oct
Dec ‘08
‘08
Draft
First LEDBAT
assource
WG
Open
source
Closed
draft
Item
1250
1000
750
500
250
0
0
10
20 30
Time [s]
40
50
•TCP transfers, full playload
•α1 small packet overkill !!
•α2 variable framing (not in draft)
•β1 finer bytewise cwnd control
•25 october 2010: IETF draft v3
page 27
Outline
• Analysis of LEDBAT with a twofold methodology:
• Controlled simulation
– LEDBAT algorithm
– TCP vs LEDBAT
– LEDBAT vs LEDBAT
– Fairness issue
– Future Work
• Experimental measurements
– Testbed description
– Implementation evolution
– Bandwidth/Delay
Impairments
– ADSL experiments
– Multiflow experiments
– Future Work
page 28
168
30/08/20
2.7 Echange de données en P2P: BitTorrent
Pas objet du controle
LEDBAT: the new BitTorrent
congestion control protocol
Dario Rossi
Joint work with Claudio Testa
Silvio Valenti and Luca Muscariello
ICCCN’10
Zurich
August 2010
TCP: Loss-based congestion control
•
•
Objective of congestion control
– Limit sender rate to avoid overwhelming the network with packets
TCP detects congestion by means of packet losses
– Increment the congestion window (cwnd) of one packet each RTT
– Halve the congestion upon losses
losses
cwnd
t
– The buffer always fills up -> high delay for interactive applications
169
30/08/20
170
D. Rossi – RES224
LEDBAT: Delay-based congestion control
•
Use Delay as congestion signal (TCP Vegas)
– Increasing delay = increasing queue -> need to decrease rate
LEDBAT monitors the delay on the forward path
– sender and receiver timestamp packets
– sender maintains a minimum over all delays (base delay)
– LEDBAT tries to add just a small fix delay (TARGET)
– a linear controller adjusts the cwnd
•
TARGET
cwnd
TARGET
is reached
• enqueue only TARGET packets
• low extra delay and no loss
t
LEDBAT operations
•
Pseudocode in Draft
1) One-way delay
@RX:
estimation
remote_timestamp = data_packet.timestamp
ack.delay = local_timestamp() - remote_timestamp
ack.send()
@TX:
delay = ack.delay
update_base_delay(delay)
update_current_delay(delay)
2) Base delay =
min(delays)
3) Queuing delay
estimation
queuing_delay = current_delay() - base_delay()
off_target = TARGET - queuing_delay
cwnd += GAIN * off_target / cwnd
4) Linear controller
•
•
170
TARGET = 25ms (“magic number” fixed in Draft)
GAIN = 1/TARGET (our choice compliant with Draft)
30/08/20
2.7 Echange de données en P2P: BitTorrent
Simulation preliminaries
•
•
We implemented LEDBAT as a new TCP flavor in ns2
Simulation scenario
∆T
•
•
B
Link between routers is the bottleneck 10Mb/s, others 100Mb/s
Parameters
– buffer size B
– Time between flow start ∆T
Simulations: LEDBAT vs TCP
CWND [pkts]
80
5,6
40
2
3
4
0
TCP
LEDBAT
Total
1
Queue [pkts]
40
•
•
20
0
1. TCP and LEDBAT start together
2. As soon as q=20pkt -> delay=25ms
-> LEDBAT decreases
3. TCP causes a loss and halves its rate
4. Queue empties, LEDBAT restarts
5. TCP is more aggressive, LEDBAT
always yields
6. Cyclic losses
4
8
Time [s]
LEDBAT is lower priority than TCP
Total link utilization increases (w.r.t
TCP alone)
12
171
30/08/20
172
D. Rossi – RES224
Simulations: LEDBAT vs LEDBAT
80
1. LEDBAT flows start together
2. Queue builds up
3. As soon as q=20pkts -> delay=25ms
-> linear controller settles
4. Queue keeps stable
5. No changes until some other flow
arrives
CWND [pkts]
Total
40
LEDBAT 1
LEDBAT 2
0
Queue [pkts]
40
•
20
•
0
4
8
LEDBAT flows efficiently use
the available bandwidth
The bandwidth share is fair
between LEDBAT flows
12
Time [s]
Fairness issues
•
•
80
What if second flow starts after the first one?
Different view of the base delay -> different TARGET -> unfairness
∆T = 5s, B=40
2nd flow starts before queue builds up
Same TARGET, but the latecomer
gets a smaller share
40
CWND [pkts]
0
80
5
15
25
∆T = 10s, B=40
40
0
80
5
15
25
∆T = 10s, B=100
Same as before but larger buffer
Second gets all, first in stavation
40
0
172
2nd flow starts when first has
reached its TARGET
TARGET_2 = 2 * TARGET_1
after loss, fairness is restored:
base delay estimate is corrected
5
15
Time [s]
25
30/08/20
2.7 Echange de données en P2P: BitTorrent
Simulation wrap-up
•
LEDBAT is a promising protocol
– efficient but yields to TCP
– ... but affected by latecomer advantage
– ... and tuned with magic numbers
•
Further work (not in today talk)
– Sensitivity analysis, i.e., how to select the magic numbers (LCN’10)
– LEDBAT modification to solve latecomer advantage (Globecom’10)
– Overall swarm completion time performance (P2P’11)
– LEDBAT fluid model (submitted to IEEE Transaction on Networking)
– Experiments on real swarm (ongoing)
Pas objet du controle
Yes, we LEDBAT: Playing with the new
BitTorrent congestion control algorithm
Dario Rossi
Joint work with Claudio Testa
and Silvio Valenti
PAM’10,
Zurich
August 2010
173
30/08/20
174
D. Rossi – RES224
Agenda
• Active testbed mesurements
– Single-flow LAN experiments
• Timeline of LEDBAT evolution
• Emulated capacity and delay
– ADSL experiments
• In the wild
• Interaction with cross-traffic
– Multi-flow LAN experiments
• Level of low-priority ?
• Conclusions + future work
LAN experiments (single-flow)
Leecher
• Application setup
Switch
10/100
– uTorrent, official BitTorrent client,
closed source
• on native Windows (XP)
• on Linux with Wine
– Private torrent between the PCs
Forward
Backward
• Network setup
– Linux based router with Netem
to emulate network conditions
– Capture traffic on both sides,
analyze traces
• Experiment setup
Seed
Router
+
Netem
– Flavors comparison
– Delay impairment
• Forward path
• Backward path
– Bandwidth limitation
page 40
174
30/08/20
2.7 Echange de données en P2P: BitTorrent
LAN: LEDBAT evolution (1)
TCP
v5.2.2
Oct ‘08
α1
v1.9-13485
Dec ‘08
α2
v1.9-15380
Mar ’09
β1
v1.9-16666
Aug ‘09
RC1
v2.0.1
Apr’10
Open source
Closed source
First LEDBAT draft
Draft as WG Item
After IETF 77
Simulation
Testbed
Testbed
Testbed
Packet size [Bytes]
1500
α2
β1
TCP
α1
vv1.9-13485
v1.9-15380
1.9-16666
v5.2.2
Mar
Aug
‘09
’09
Oct
Dec ‘08
‘08
Draft
First LEDBAT
assource
WG
Open
source
Closed
draft
Item
1250
1000
750
500
250
0
0
10
20 30
Time [s]
40
50
•TCP transfers, full playload
•α1 small packet overkill !!
•α2 variable framing (not in draft)
•β1 finer bytewise cwnd control
•RC1? evolution continues !
page 41
LAN: LEDBAT evolution (2)
• Throughput evolution
Throughput [Mb/s]
– Different LEDBAT versions
– Each curve in separate experiment
– Also TCP BitTorrent (Linux + Win)
10
α1
TCP Linux
8
β1
6
• Observations
– α1 unstable, small packets
• Small packets recently broke β1 too
α2
– α2 , ß1 stable smooth throughput
4
• 4 and 7 Mbps respectively
TCP WinXP
• Window limits
2
– LEDBAT and TCP influenced by the
default maximum receive window:
0
0
60
120
Time [s]
180
240
•
•
•
•
TCP WinXP = 17 KB
TCP Linux = 108 KB
LEDBAT α2 = 30 KBytes
LEDBAT ß1 = 45 KBytes
page 42
175
30/08/20
176
D. Rossi – RES224
LAN: Constant delay
• LEDBAT is delay based
– constant delay for all packets
– delay = k20 ms, k \in [1,5]
– forward (or backward) path
• Observation
120
β1
α2
5
60
0
0
240
600
Backward path
10
5
– same behavior on both directions
– due to upper bound of maximum
α2=20, ß1=30)
receiver window (α
– not a constraint since bottleneck
shared among many flows
480
Delay [ms]
• Experiment setup
Forward path
10
Throughput [Mb/s]
– it measures the one-way delay
– sensitive to forward delay
– Independent from backward
120
60
Delay
profile
0
240
480
0
600
Time [s]
page 43
LAN: Variable delay
• Observations
– α2 greatly affected by varying
delay on the forward path
– ß1 probably implements some
mechanism to detect reordering
– Minor impact of varying delay on
backward path (ack delay only
affects when decisions are taken)
Throughput [Mb/s]
– random uniformly distributed
delay for each packet
– reordering is possible!
– range = 20 ± {0,5,10,20} ms
– forward (or backward) path
Forward path
10
120
β1
α2
60
8
6
0
0
120
360
Backward path
10
8
6
240
120
60
Delay
profile
0
120
240
0
360
Time [s]
page 44
176
Delay [ms]
• LEDBAT is delay based
• Experiment setup
30/08/20
2.7 Echange de données en P2P: BitTorrent
LAN experiments (multiple flows)
Leechers
Switch
10/100
• Application setup
– uTorrent β1 flavor only
– Private torrents
– Each couple seeder/leecher
shares a different torrent
• Network setup
– Simple LAN environment
– No emulated conditions
• Experiment setup
– Varying ratios of TCP/LEDBAT flows
– Different TCP network stack
• native Linux stack
• Windows settings emulated
over Linux (to measure losses)
Router
+
Netem
Seeds
45
LAN: Multiple TCP and LEDBAT flows
TCP windows
TCP linux
0.98 0.98 0.98 0.98 0.96
1.00 0.75 0.56 0.33 1.00
0.67 0.94 0.93 0.92 0.96
1.00 0.64 0.74 0.87 1.00
0
0.5
TCP
LEDBAT
0.5
LEDBAT
1
1
TCP
Bandwidth Breakdown
Efficiency
Fairness
4-0 3+1
3-1 2+2
2-2 1+3
1-3 0+4
0-4
4+0
4-0 3+1
3-1 2+2
2-2 1+3
1-3 0+4
0-4
4+0
TCP+LEDBAT
TCP+LEDBAT
Observations
•
•
•
•
Throughput breakdown between X+Y competing TCP+LEDBAT competing flows
Efficiency is always high
Fairness among flows of the same type (intra-protocol) is preserved
TCP-friendliness depends on TCP parameters
– TCP Linux stronger than LEDBAT, LEDBAT stronger than TCP WinXP
46
177
30/08/20
178
D. Rossi – RES224
ADSL experiments
• Application setup
Leecher
– uTorrent β1 flavor only
– native Windows (XP) only
– private torrent
ADSL
• Network setup
Internet
– real ADSL modems
– wild Internet
• uncontrolled delay, bandwidth
• Interfering traffic
• Experiment setup
– LEDBAT alone in the wild
– LEDBAT with cross TCP traffic
ADSL
• On forward path
• On backward path
Seed
page 47
ADSL experiments
Throughput [Mb/s]
0.6
•
178
5
Throughput
β1
4
3
0.4
2
RTT
0.2
0
•
TCP forward LEDBAT alone TCP backward LEDBAT alone
RTT [s]
LEDBAT alone
0.8
1
100
200
300
Time [s]
400
500
LEDBAT alone
– Stable throughput, closely matching nominal DSL capacity
LEDBAT connection competing with TCP on forward and backward path
– LEDBAT actually yields to TCP on the forward path
– TCP on backward path has nasty influence on LEDBAT throughput:
• due to shacky RTT (>1 sec due to ADSL buffer!)
• affecting the time at which decisions are taken
600
0
page 48
30/08/20
2.7 Echange de données en P2P: BitTorrent
Measurement wrap-up
• Main messages
– Behavior evolved:
• β1 addressed many issues (has RC1 fixed the others?)
• Draft tells only part of the story
– Efficiency goal:
• Provided that enough flows on bottleneck (or increase window limit)
• Compromised by interfering traffic on backward unrelated path
– Low-priority goal:
• Reasonably met, but is LEDBAT low-priority level tunable ?
• Depends on TCP settings as well: meaning of Low-priority itself is fuzzy
• Future work
– Interaction with other BitTorrent mechanisms (e.g., peer
selection, tit-for-that, etc.)
– Impact on the users QoE (i.e., torrent completion time ?)
– More heterogeneous settings (e.g., larger scale experiments,
access technology, BitTorrent vs our implementation, etc.)
49
?? || //
179
30/08/20
180
D. Rossi – RES224
RES 224
Architecture des applications Internet
P2P: Skype
Based on joint work with the following colleagues:
dario.rossi
Dario Bonfiglio
Marco Mellia
Michela Meo
Nicolo’ Ritacca
Paolo Tofanelli
Dario Rossi
http://www.enst.fr/~drossi
RES224
Agenda
• What is Skype,
• What services it offers
• Very brief overview of how we think it works
• Details on
• Skype service traffic
• congestion control (bandwidth, loss, etc.)
• usage in real networks (call duration, etc.)
• Skype signaling traffic
• Normal period (volume, type and spatial properties)
• Breakdown event (overlay message storm)
• References
180
30/08/20
2.8 Multimedia et VoIP en P2P: Skype
Why studying Skype ?
• Skype is very popular
– Succesful VoIP service over the unreliable Internet
– More than 100M users, 5% of all VoIP traffic (in 2007)
– Easy to use, many free services
• voice / video / chat / data transfer over IP
• Understanding Skype is a challenging task
–
–
–
–
Closed design, proprietary solutions
Almost everything is encrypted or obfuscated
Uses a P2P architecture
Lot of different flavors
Skype for Dummies
• Architecture
– P2P design
181
30/08/20
182
D. Rossi – RES224
Skype for Dummies
• Architecture
– P2P design
• Service traffic
–
–
–
–
Voice calls
Video calls
Chat
Data transmission
Skype for Dummies
• Architecture
– P2P design
• Service traffic
–
–
–
–
–
182
Voice calls
Video calls
Chat
Data transmission
nodes may act as
relay when peers are
behind NAT
30/08/20
2.8 Multimedia et VoIP en P2P: Skype
Skype for Dummies
• Architecture
– P2P design
• Service traffic
–
–
–
–
–
Voice calls
Video calls
Chat
Data transmission
Skypeout/Skypein
Skype for Dummies
• Architecture
– P2P design
• Service traffic
–
–
–
–
–
Voice calls
Video calls
Chat
Data transmission
Skypeout/Skypein
• Signaling traffic
– Login & auth.
– Look for buddies
– ….
183
30/08/20
184
D. Rossi – RES224
Well hidden traffic
• Encryption
• Skype adopts AES (Rijndel) cipher to encrypt information
• 256-bit long keys, or 1.1X1077 different keys
• 1536 or 2048 bit RSA is used to negotiate the
AES symmetric key
• Public keys are authenticated by the login server
• Obfuscation
• Encrypted payload is also obfuscated using
Arithmetic compression
• Headers that are not encrypted are obfuscated
using the RC4 Algorithm
State-of-the-Art
Encryption +
Obfuscation
Mechanisms
Available Skype Codecs
• E2E calls use preferentially
• SVOPC – starting ~2008
• iSAC – bit rate : 10-32 kbps (adaptive, variable) (30 ms frames)
• iLBC – bit rate : 13.3 kbps (30 ms frames) 15.2 kbps (20 m frames)
• E2O calls use preferentially
• G729 – bit rate : 11.5 kbps (20 ms frames) 30.2 kbps
• Other codecs are available
• iPCM-wb, G711A, G711U, PCM-A, PCM-U, …
• Skype framing alters the original codec framing
• Redundancy may be added to mitigate packet loss
• Frame size may be changed to reduce overhead impact
184
30/08/20
2.8 Multimedia et VoIP en P2P: Skype
Skype Source Model
Skype
Message
TCP/UDP
IP
Types of Skype messages
• Depending on transport protocol:
• Use TCP when forced to, with ciphered payload
• Login, lookup and data: everything is encrypted
• Use UDP whenever possible, payload is encrypted
• But some header MUST be exposed
• Otherwise, in case of a packet loss, receiver could not
properly align and decrypt the rest of the flow (as in SSL/TLS)
TX data
RX data
Unreliable
AES
AES
185
30/08/20
186
D. Rossi – RES224
Skype service traffic
Agenda
• Investigate Skype service traffic
• Methodology
• Service traffic (voice & video)
•
•
•
•
Service multiplexing
Skype reactions to transport layer
Skype congestion control
Skype loss recovery
• Users’ behavior
• Call volume and duration
• Further details on the papers
186
30/08/20
2.8 Multimedia et VoIP en P2P: Skype
Preliminary Definition
•Useful information
–At installation, Skype chooses
a port at random
–The port is never changed
(unless forced by the user)
–All traffic multiplexed over the
same socket (UDP preferably)
Skype peer
– A Skype peer can be identified
by its L3/L4 endpoint
– Consider only peers that were
ever observed making a call
Skype flow
–UDP is connectionless (no
SYN/SYNACK sequence to detect
start of flow, nor FIN at the end)
– Sequence of packets originated
from a Skype peer (and destined to
another skype peer)
–Flow starts when the first packet is
observed
–Flow ends when no packet
is observed for a given inactivity
timeout (200s)
–Skype sends packets every
~120sec to keep NAT entries open
(IP addr, UDP port)
Methodolody
•Service traffic
•Small scale active testbed
•Measure Skype response to
controlled perturbation
•Control bandwidth, packet loss,
transport protocol, etc.
•User behavior
•Passive measurement technique
on real network (LAN and ISP)
•Own classification framework (see refs)
•Inspect and quantify unperturbed
Skype traffic of real users
7000 hosts
1700 peers
300.103
external
peers
187
30/08/20
188
D. Rossi – RES224
Service Traffic: Normal Condition
• Unperturbed conditions
– Two peers, same LAN
– 100Mbps, <1ms delay
– Use different codecs
• Metrics
– Inter packet gap [ms]
• (time between two
consecutive Skype
messages)
Switched LAN
– Message size [Bytes]
– Bitrate [Kbps]
Service Traffic: Normal Condition
250
200
Bitrate
[kbps]
ISAC
iLBC
iPCM-WB
PCM
G729
Smooth
Transient
Normal
Behavior
150
Aggressive
Startup
100
50
0
0
10
20
30
Time [s]
188
40
50
60
30/08/20
2.8 Multimedia et VoIP en P2P: Skype
Service Traffic: Normal Condition
Message
Payload
[Bytes]
300
200
100
ISAC
100
50
G729
300
200
100
iLBC
900
600
300
iPCM-WB
600
400
200
PCM
0
10
20
30
40
50
60
Time [s]
Service Traffic: Normal Condition
70
ISAC
iLBC
iPCM-WB
PCM
E2O G729
60
50
IPG
[ms]
40
30
20
10
0
0
10
20
30
40
50
60
Time [s]
189
30/08/20
190
D. Rossi – RES224
Recall…
On unknown network
conditions (e.g., at the
beginning of a call),
Skype aggressively send
voice blocks twice to
counter potential losses
Service Traffic: Video Source
• Message size
– Typical of voice calls
– Larger video messages
• Multiplexing
– Voice and video
multiplexed over the
same UDP socket
B
[kbps]
600
400
200
0
80
IPG
60
[ms]
– Typical of voice call
– Back-to-back video
messages
800
40
20
0
L
900
[Bytes]
• Variable bitrate
• Inter packet gap
600
300
0
0
10
20
30
Time [s]
190
40
50
60
30/08/20
2.8 Multimedia et VoIP en P2P: Skype
Service Traffic: TCP vs UDP
• Transport scenario
– Two peers, same LAN
– Blocking UDP with
a firewall
• Metrics
– Inter packet gap [ms]
• (time between two
consecutive Skype
messages)
Switched LAN
– Message size [Bytes]
– Bitrate [Kbps]
Under TCP
• No initial transient
• IPG unmodified
Kbps
Service Traffic: TCP vs UDP
– TCP PSH,URG flags
• Cautious with
bandwidth
– In case of loss, TCP
goes slow-start
(cwnd=1 segment)
– Call would be
likely stopped,
avoid slow-start!
Bytes
– TCP recover losses
ms
• Old blocks not
multiplexed
B - UDP
B - TCP
80
60
40
20
0
90
IPG - UDP
IPG - TCP
60
30
0
250
200
150
100
50
0
0
L - UDP
L -TCP
10
20
30
40
Time [s]
50
60
191
30/08/20
192
D. Rossi – RES224
Service Traffic: Network impact
• Network impact
– Two peers, same LAN
– Artificially controlled
• bottleneck capacity
• packet losses
• Metrics
– Inter packet gap [ms]
Switched LAN
• (time between two
consecutive Skype
messages)
– Message size [Bytes]
– Bitrate [Kbps]
[Bytes]
[ms]
[Kbps]
Service Traffic: Congestion control
192
100
80
60
40
20
0
100
80
60
40
20
0
300
250
200
150
100
50
0
Average Throughput
Bandwidth limit
Framing
Skype Message Size
0
30
60
90
120 150 180 210 240 270 300
Time [s]
Skype
performs
congestion
control
adapting
coding
rate and
framing
30/08/20
2.8 Multimedia et VoIP en P2P: Skype
Service Traffic: Loss recovery
Loss %
60
10
50
Inter-Pkt
Gap [ms]
8
40
6
30
4
20
Skype performs
loss recovery…
10
2
0
0
0
500
Payload
[Bytes]
100
200
300
400
500
10
Loss profile
400
8
300
6
200
4
...by multiplexing old
and new voice blocks
100
2
0
0
0
100
200
Time [s]
300
400
500
Service Traffic: User behavior
• Network scenario
– >1000 peers campus LAN
– Unperturbed environment
• Sniffing traffic at
the edge router
• Metrics
7000 hosts
1700 peers
300.103
external
peers
– Volume of calls
– Duration of calls
– Geolocalization, location of
Skype PSTN gateways, etc.
(see refs.)
193
30/08/20
194
D. Rossi – RES224
User Behavior: Volume
60
40
UDP E2E
UDP E2O
TCP E2E
Flow number
20
0
-20
•Asymmetry in the number
of calls per protocol type:
•Explanation:
- one direction UDP,
- the other TCP
-40
-60
Mon |
Tue
| Wed | Thu
|
Fri
|
Sat
|
Sun
Skype call duration & arrival process
• Free calls are longer, Poisson arrivals
Call duration
Experimental
quantiles
Paying
$kypeout
Free
voice
Negative exponential
quantiles
Call duration [min]
194
Free
video30
30/08/20
2.8 Multimedia et VoIP en P2P: Skype
Skype signaling traffic
Agenda
Methodology
• Passive observation
on real networks Typical week
Signaling
•
•
•
•
Volume
Traffic pattern
Geolocalization
Message storm
Skype breakdown (Aug’07)
Flooding storm!
1700 internal peers
100 internal peers
Skype
300,000 external peers classifier 40,000,000 external peers
2,500,000 flows
33,000,000 packets
Internet
Internal peers
External peers
195
30/08/20
196
D. Rossi – RES224
How much signaling traffic ?
Typically, limited amount
of signaling bandwidth
1
Yet, rather active
signaling exchanges
1
0.9
Cumulative
Distribution
Function
(CDF)
0.8
0.7
0.6
0.75
0.5
0.5
0.25
0.4
0.3
1
10
100
1000
Average per-peer
signaling bitrate [bps]
10000
0
0
25
50
75
Number of peers
contacted in 300 sec.
Skype spatial pattern
Each dot is
a packet
1500
1000
Each line
is a flow
500
Peer ID
0
-500
ID++ on
new peer
-1000
-1500
196
Time evolution [hr]
100
30/08/20
2.8 Multimedia et VoIP en P2P: Skype
Skype spatial pattern
1500
1000
Outgoing
traffic
500
Peer ID
0
-500
-1000
-1500
Incoming
traffic
Time evolution [hr]
Skype spatial pattern
1500
1000
Skype network
probing
500
Peer ID
0
-500
Calls, buddy
updates, etc.
-1000
-1500
Time evolution [hr]
197
30/08/20
198
D. Rossi – RES224
Skype spatial pattern
1500
1000
80% flows
5% bytes
500
Peer ID
0
-500
20% flows
95% bytes
-1000
-1500
Time evolution [hr]
Skype spatial pattern
•Probes
–Single packet toward unknown
peers; reply possibly follows
–No further traffic is exchanged
between the same peers pair
–Most of the flows (80%) are probes
•Dialogs
–More than a single packet sent toward the same
peer; buddy status & overlay mainenance
–Persistent activity, carries most of the signaling
bytes (95%)
198
30/08/20
2.8 Multimedia et VoIP en P2P: Skype
Skype peers location
Paris
Turin
39
Skype peers location
Probability distribution function (pdf)
Probes
Others
• RTT distance
– Between first pair of
(request, reply) packets
• Two threads shape
the Skype overlay
– Probes favor discovery
of nearby hosts
– Buddy signaling and calls
driven by social network
Round Trip Time RTT [ms]
40
199
30/08/20
200
D. Rossi – RES224
Flooding storm
•August 2007 (& 2010): massive Skype outage!
!?
Flooding storm
150
0
Flows
40k
0
Before
During
After
Incoming (-) and Outgoing (+) Traffic
LAN
Peers
40k
40k
Pkts
0
40k
4M
Bytes
0
4M
Thu 9th
200
Sun 12th
Thu 16th Sun 18th
August 2007
Thu 23th
Sun 25th
30/08/20
2.8 Multimedia et VoIP en P2P: Skype
Flooding storm
• Probing traffic increase considerably
–
–
–
–
Before
During
After
4x more flows
3x more packets
10x more external peers
2x less bytes
August 2007
• In the LAN,
– Skype predominant portion of UDP traffic (70% bytes, 94% flows)
• 10 most active LAN peers
– receive almost all Skype traffic (94% bytes, 97% flows)
• The single most active peer
– 50% bytes 75% flows
– contacts 25% of all external pees seen
– namely 11 millions, a 30x increase
Everybody looking for
super-peers; significant
volumes of traffic handled
by some peer
Summarizing this course on
•Skype protocol and format
•Proprietary, complex, well hidden
•Not broken so far
•Service traffic
•Active testbed
•Application layer multiplexing
•Transport layer UDP/TCP usage
•Skype congestion and loss control
•Aggressive with losses
•Conservative with bottlenecks
•User behavior
•Call duration per service
•Call arrival still Poisson
•Free services preferred
•Signaling traffic
•Passive measurement
•Two different threads shapes
the Skype overlay
•Probes : selection driven by
proximity in the IP- network
(the close the better)
•Dialogs: Social network driven
(friends are everywhere)
•Signaling rate and spatial spread
•Large number of contacted
peers
•Typically, very limited bitrate
•Huge broadcast storm in case
of bugs/problems
201
30/08/20
202
D. Rossi – RES224
References
• This course based on
– D. Bonfiglio, M. Mellia, M. Meo, D. Rossi and P. Tofanelli, Revealing
Skype Traffic: When Randomness Plays with You . ACM SIGCOMM,
Kyoto, Japan, August 2007.
– D. Bonfiglio, M. Mellia, M. Meo and D.Rossi, Detailed Analysis of Skype
Traffic . IEEE Transactions on Multimedia, 11(1):117-127, January
2009. (preliminary version appeared at Infocom08)
– D. Rossi, M. Mellia and M. Meo, Understanding Skype Signaling .
Elsevier Computer Networks, 53(2):130-140, February 2009.
– D. Rossi, M. Mellia and M. Meo, Evidences Behind Skype Outage. In
IEEE International Conference on Communications (ICC'09), Dresde,
Germany, June 2009.
• (all on my webpage)
References
• Optional readings
– P. Biondi, F. Desclaux, Silver Needle in the Skype. Black
HatEurope'06, Amsterdam, the Netherlands, Mar. 2006.
– S. A., Baset, H. Schulzrinne, An Analysis of the Skype Peer-to-Peer
Internet Telephony Protocol. IEEE Infocom'06, Barcelona, Spain,
Apr.2006.
– S. Guha, N. Daswani and R. Jain, An Experimental Study of the
Skype Peer-to-Peer VoIP System, USENIX IPTPS, Santa Barbara, CA,
Feb. 2006
– K. Ta Chen, C. Y. Huang, P. Huang, C. L. Lei Quantifying Skype User
Satisfaction, ACM Sigcomm'06, Pisa, Italy, Sep. 2006.
202
30/08/20
2.8 Multimedia et VoIP en P2P: Skype
?? || //
203
204
204
3 Travaux dirigés (TD)
D. Rossi – RES224
3.1 Enoncé
¤ !!"""!#$
¹
¹
%&
'((
¹
) ¹¹
¹¹¹¹¹¹¹¹¹
¹¹
¹
)¹¹¹¹¹
¹¹¹¹¹¹¹¹¹¹¹
¹
)* ¹¹¹
¹¹ ¹
¹
) ¹¹¹ ¹¹¹!¹ ¹¹¹
¹¹
¹
¹¹
)+¹
"¹¹#¹¹
¹¹
¹¹$¹¹
¹%¹¹
&¹¹'¹
¹
),(¹¹¹¹
¹¹
¹ ¹
¹)¹*+,¹¹
'¹¹¹
¹$'' ¹¹¹%¹¹¹
¹$¹'' ¹¹
¹%¹-¹¹¹"¹'¹¹'¹-¹
¹
)- ¹¹¹
'¹¹¹¹*+¹¹./0¹
¹
).¹¹¹¹¹ ¹1¹¹
¹2¹¹¹ ¹
¹¹
¹'¹ '¹¹¹¹
¹
)/¹3¹¹¹4,¹
¹¹¹¹¹¹
¹5¹67¹¹
¹66¹
¹¹
)0(¹¹¹¹
¹8.¹
¹'¹
¹¹19:¹
¹
)(¹'¹
¹¹
¹¹¹¹¹5¹¹
¹
) ¹¹¹
¹¹19:¹¹¹!¹
¹
¹
¹
¹
206
D. Rossi – RES224
%1$1$12
)9"¹¹
)¹
2¹;¹5¹¹¹¹<
=¹-¹
¹
)(¹¹¹
'¹¹2¹¹¹
¹¹
¹¹¹¹66¹¹
¹5¹¹-¹
)*¹¹1¹"¹)¹
¹
'¹'¹3¹¹¹1¹-¹
¹
)¹¹>¹' ¹5¹"¹¹¹-¹
)+>¹¹5¹¹' ¹
¹
'¹
¹¹¹¹
*+¹
¹¹¹
¹¹19:/.>¹-¹
), ¹¹
¹¹19:/.>¹
¹'¹¹¹
¹'¹
?¹
)- ¹)¹¹
'¹' ¹¹¹
'¹'¹
'¹
¹¹¹19:/.>¹
¹
%1$1$1
!¹ ¹ ¹ 1,¹ ¹ ¹ ¹ * ¹ ¹ ¹ @2
¹ ¹ ¹
/,¹¹¹'¹3¹¹ ¹
¹¹¹
@2
¹¹¹/¹>¹¹
'¹¹¹¹¹¹¹¹¹ ¹3¹A¹¹ *¹¹¹ ¹¹
¹
¹@¹¹,¹¹¹¹@
¹.¹
¹¹1¹
!¹ ¹ ¹ >¹ ¹ ¹ ¹ 1¹ ¹ ¹ ¹ ¹ @¹ ¹ @¹ ¹ ¹
¹ ¹ ?¹ ¹ @
¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹
'¹*¹¹¹¹¹
@¹
¹¹¹¹¹¹ ¹
¹¹¹¹
¹¹
¹¹
ù !¹¹¹
¹¹ ¹1¹
¹¹¹¹
B6C¹ ¹¹¹5D67¹¹@¹¹
¹¹¹
BEC¹ ¹¹¹5D67¹¹¹¹¹¹
¹¹¹
B+C¹ ¹¹¹5D66¹¹¹¹¹ ¹
¹¹
B0C¹ ¹¹¹5D66¹¹¹ ¹
¹¹
¹
¹
¹
¹
3.1 Enoncé
%&
3
'
A¹
¹
¹/¹<¹¹
¹
,¹¹¹A#¹.9#=¹
¹
« ¹¹ ¹ ¹ ¹ ¹ ¹ ¹ > ¹ ¹ ;¹ ¹ ¹
¹'¹
¹¹
¹
¹
¹¹
¹¹¹
¹
¹2'
¹ ¹
¹ ¹> ¹
¹
¹2'
¹<¹
¹=¹
¹¹¹
¹
¹¹
¹
¹ ¹< ¹
' ¹¹¹
¹
=¹
¹ ¹ ¹ ' ¹ ¹ ¹ ¹ ¹ ¹ ¹ > ¹
'¹
¹¹¹
¹ ¹¹¹¹¹¹¹ ,¹¹¹
¹¹¹
'¹¹¹F¹$¹¹%¹¹¹F¹¹
ù¹¹¹
¹¹' ¹
¹ ¹
¹¹ ¹ ¹ ;¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹
2'
,¹¹
¹¹¹¹
¹ ¹¹¹¹'¹
¹¹ ¹ ¹ ¹ ¹ ¹ ¹ '¹ ¹ ¹ ¹ ¹
> ¹ ¹ ¹ '¹ ¹ 3¹ '¹ ¹ ¹ ¹ '¹ ¹
¹¹'¹¹
'¹
¹
¹
¹¹¹
¹¹¹¹¹¹¹
¹¹¹¹
)¹
¹¹
¹
¹¹¹¹
) 92¹ ¹ ¹ ¹ ¹ /¹ ¹ ¹ 2¹ ¹ )F¹¹
'' F¹
¹
) ¹¹¹¹¹
¹¹¹¹¹/¹
¹¹
2¹
¹.¹¹¹'¹¹9¹
) * '¹ ¹ ¹ ¹ ¹ ¹ 2¹ ¹ '¹ ¹ ¹ '¹
¹
) '¹¹¹¹¹
¹¹¹
¹¹¹!¹¹ ¹/¹
)+ ¹¹
'¹
¹˜˜˜* ¹/¹<¹¹¹F¹@¹
@¹¹"
=¹¹¹¹¹¹¹¹2¹¹' ¹¹¹¹¹¹'¹
¹¹'¹¹¹¹¹
'¹'¹
¹ 2¹'¹¹3¹
¹¹¹
¹¹ ¹¹¹¹¹¹¹¹;¹'¹
± ¹¹ ¹¹¹¹¹¹
¹
¹'2¹
'¹
),
(¹¹¹¹2¹
¹¹¹<¹=¹ '¹¹Ø Ø ¹/,¹
¹¹
2¹
¹'¹¹9¹¹.¹-¹<¹¹¹¹)¹¹¹
¹¹¹¹'=¹¹
¹
¹
¹
208
D. Rossi – RES224
I ¹¹¹
¼ ¼
¼
¼
¼
¼ ¼ !
¼
¼"#$$¼%
&'()*
¼
¼
¼
#+,'-.(#/¼0
¼
(1
.$(/¼2¼0
¼
/33
33
.$(/¼2¼0
¼
(1
4++
5 6.76'-76.76'-7
¼¼83¼¼
(1/988¼4:
;.<
/33
33
=8,
>
¼
¼¼?
¼
¼ 3)¼280
¼
"8?*/¼
¼
8
¼
(
¼ ¼280
¼
@!)
)*
¼"#$"
3:2"8
A:B#
C(
//2D"E
777&'()*
¼
)*
¼& ¼@!C¼38
<&+<4"+;"(4"
$,$',<,<F
G$<
H.>
:>,#,#
",I
4"<
.<
4',H.>J
&'$
777H.>
H?¼3
777#+,'-3/6 30)*
¼7",IK
6 30)*
¼7"
1
777.$/6¼280
¼7
7774++
6¼280
¼7.
1
3C
5 LL
?¼
777
6¼280
¼7
¼3
¼)
¼3
¼"#$$¼%
777&'()*
¼
¼3
¼
$,$',<,<F
",I:
H.-J
¹
¹
3.1 Enoncé
.<
"+.'"
:>,#,#
777"+.'"
.¼'"
777&'()*
¼
¼3
¼
$,$',<,<F
",I:
H.-J
.<
:>,#,#
777#+,'-3/6 30
¼7",IK:
(1
777.$/6¼280
¼7
7774++
(1
5 6.76'-76.76'-7
777
(1/988¼>:4>4
6¼280
¼7"
D(1/988¼>:4>4E
1-*I:#¼¼)
¼280
¼"
D1-*I:#¼¼)E
¼
@!
777=;,
)*
¼¼
¹
¹
I ¹¹¹
¹¹¹
::
:::?
:
¹¹¹
::
::
::?
¹¹¹
::
:?::?:
:??
?
¹¹¹
::
?:::
???:???
:?
¹¹¹
::
::?::?:
:?????
:
¹¹¹
::
¹
¹
210
D. Rossi – RES224
?:::
???:???:
::?
:
¹¹¹
::
:?::::?:
:????::
:?
¹
¹¹
¹¹¹¹
::
:?:::
??::??
:
¹¹¹
::=J
:?::;0
??::??:M$
:L:
¼
¼$,
$',<,<F",
I
H.-J.<
::GH.$
::>,#,#
¹¹¹¹¹¹
::=J
:::?:'05
:???:!6$
?#+,'-.(#/
:6 30
¼7
",IK
¹¹
::=J
?::H0
??:?:!6$
:?L:N(1
¹
::=J
::?:?:0O
:??:!4$
9.$(/6
?¼2¼0
¼7
¹
::=J
?::P0
??:?:!4$
:?L:6(1
¹
¹
¹
3.1 Enoncé
::=J
:::?:?:0
:??:!'$
4++
¹¹
::=J
?:::#G0
??:?::!':$
:L:
:5 6.76'-7
6.76'-7
¹
::=J
:::?:0
:?:?::!9$
4#¼¼,4
:/6:
0
¼74
/#
C(
?//2
::-3/+ 3
:::" 8 6 30
¼7;¼
?:+
/ 8
:?DP
5¼AE
#,#H¼
/
?/¼2¼
0
¼"8?*
/
8
¼
:?:/%A
B ::¼K,"(::
?B3K5
¼
/?
:¼
¼83¼¼
¹¹
::=J
?::-J0
??:?:!9$
:?L:9(1/98
8¼--
¹
::=J
::::?:0
:??::!$
Q=;,
¹
::=J
?::I0
??::??:!$
:L:>
¹
¹
212
D. Rossi – RES224
¹¹
::=J
:??:::D@0D
??::??!$
:L:;;;;;;
¹¹
::=J
:::::?:D0
:???!$
:
¹¹
::=J
:::?:?:D0O
:???!$
:
¹¹
::=J
:?:::DM0D
??:??!$
:L:>;;;;;;
¹
¹
¹
¹
I
± ¹
¹
¹
¹
¹
¹
¹
¹
¹
3.1 Enoncé
¤ 4
5
!!"""!#$
56
6¹
E¹
+¹
0¹
G¹
I¹
J¹
4¹
1¹¹¹¹¹¹¹
¹ ¹-¹
1¹¹¹¹¹ ¹,¹
¹?)¹¹¹¹-¹
.¹?¹¹¹ ¹
¹)¹¹-¹
.¹?¹¹¹ ¹*
¹)¹¹-¹
1¹¹¹¹¹ ¹¹<¹H2¹=¹-¹
1¹¹
¹¹¹
¹ ¹¹¹-¹
1¹¹¹¹¹ ¹¹ ¹<¹H2¹=¹-¹
1¹¹¹
¹ ¹¹)¹-¹
¹
¤
7
6¹
E¹
+¹
0¹
G¹
I¹
¹¹¹¹ ¹¹¹
¹¹
¹¹¹.999¹¹
¹¹
¹¹¹
¹
¹¹
¹
¹¹
¹¹¹ ¹)¹¹¹¹
¹¹¹¹)¹¹¹)¹¹
¹
¹¹
¹¹¹
¹¹?K¹)¹¹¹¹¹¹
¹?K¹)¹
¹¹<¹¹)¹=¹¹
J¹ ¹
¹¹ ¹ ¹)¹¹
4¹ ¹
¹¹¹¹
¹)¹¹)¹¹¹
L¹ ¹
¹¹¹¹
¹)¹)¹¹¹ ¹¹<,¹
¹ ¹¹¹=¹¹
67¹ ¹¹)¹ ¹¹¹¹)¹¹
66¹ ¹¹¹¹¹¹)¹)¹¹¹¹ ¹¹
¹
¹¹¹¹
6E¹ ¹¹¹,¹ ¹),¹
¹¹¹!¹¹¹)¹¹
6+¹ ¹¹¹¹¹
¹¹¹
¹¹¹K¹¹
60¹ ¹¹¹¹¹¹¹
¹¹¹¹K¹)¹¹¹¹
¹¹¹2¹¹
6G¹* ),¹ ¹"¹
¹?¹¹¹¹
<,¹
,¹ ,¹,¹,¹ ,¹=¹¹
6I¹ ¹¹¹K?¹¹¹"¹
¹¹¹¹
6J¹?
),¹¹¹¹¹
!¹¹¹¹¹
¹
¹
214
D. Rossi – RES224
64¹?
),¹¹¹¹¹677¹ ¹"¹
¹¹¹
6L¹ ¹"¹
¹¹¹ ¹)¹.¹¹¹
E7¹ ¹
¹¹¹¹¹¹
E6¹>¹
¹¹¹¹ ¹¹6I¹¹¹¹
EE¹#¹
¹¹¹¹ ¹¹EGG¹¹¹
E+¹ ¹
¹¹0,¹¹¹¹)¹¹¹.¹
¹¹
E0¹A¹
¹¹?)¹
¹?¹¹
¹MN¹¹
EG¹¹
¹
¹,¹¹¹ !¹¹ ¹
¹?¹
¹¹¹
¹¹< ,¹),¹)!=¹¹¹
EI¹ ¹¹
¹¹¹¹¹¹.¹
¹¹
EJ¹ ¹¹
¹¹¹
¹¹¹.¹
¹¹¹¹¹¹¹
E4¹ ¹¹¹
¹¹¹/¹
¹¹.¹
¹¹
EL¹ ¹¹
¹
¹¹¹¹>¹
¹¹¹
+7¹¹¹¹¹
¹¹)¹2
¹¹¹¹¹
+6¹¹¹¹¹¹¹)¹
¹¹¹ 5¹¹¹¹¹
+E¹¹¹< ¹"
=¹)¹¹¹)¹¹
¹¹¹
++¹¹/O¹
¹)¹¹¹¹¹¹¹¹ ¹¹¹¹
¹¹¹
+0¹¹
¹
¹¹¹¹¹
¹¹¹¹¹¹>¹
¹¹
+G¹¹¹
¹¹¹¹¹
¹)¹
¹¹
+I¹ ¹¹¹
¹¹¹
¹
¹ ¹
¹¹¹
+J¹¹/9¹
¹¹¹
¹
¹)¹
¹¹¹¹¹
¹¹¹
+4¹ ¹¹¹¹¹¹¹¹¹¹
+L¹ ¹ ¹¹
¹¹
¹¹?K¹
¹¹¹2¹¹¹K¹
)¹¹¹
07¹ ¹"¹¹¹¹¹¹)¹¹¹)¹¹
¹¹¹
¹
¹¹ ¹¹¹
¹
'
*˜Ø˜* *˜
** ˜*ؘ* ˜
6¹ :¹¹LD66¹K,¹¹"¹
¹<> =¹¹¹¹¹?¹
¹¹?¹PK¹)¹¹92¹?)¹¹)¹
¹¹LD66¹
¹
.¹¹j** ¹¹¹< ,¹¹¹1¹¹¹¹¹
¹¹1¹¹¹¹=-¹
E¹ #? ¹¹¹¹¹,¹2¹?)¹¹¹¹¹¹K¹
¹
Ø
,¹
¹ )¹¹¹?¹¹)¹¹
¹¹<
¹¹
)=¹¹)¹¹P¹?¹¹
¹
48
6¹ ¹)¹¹¹1¹ ¹)¹¹¹
¹,¹
¹¹)¹?¹
¹ ¹ ؘ* ¹ )¹ ¹ ,¹ ¹ ¹ ),¹ ¹ ¹ ¹
¹¹ ¹¹¹
¹ ¹ ¹¹.¹¹¹ ¹1¹¹¹ ¹ ?¹
A¹¹
¹¹
)¹?¹¹*¹
¹¹¹*,¹¹?¹¹2¹¹¹
¹¹¹K¹¹¹? ¹¹¹¹
¹¹ ¹¹¹)¹¹
*
*
¹¹A¹
¹¹¹¹
¹¹
)¹?¹)¹¹
¹ ¹¹*?¹¹
¹¹2¹
¹¹¹ ¹-¹
¹
¹
3.1 Enoncé
E¹ 1¹ ¹ ?¹ )¹ ¹ ¹ 1 ¹ K
¹ ) ¹¹
K
¹ ¹ ¹ ?¹ <?¹ ¹?¹ ¹ ?¹ )¹ ¹ ¹
(19AP¹ K)
¹ ¹ ¹ Q9AP¹ ¹ "=¹ -¹ ¹ ¹ ?¹ ¹ ?¹ ¹
¹¹K
¹-¹¹K
¹-¹
¤'
5?¹
¹¹¹ ¹¹K?¹¹
)¹¹¹¹-¹¹
E¹
¹)¹K¹¹¹¹¹¹
¹
)¹¹¹¹¹-¹
+¹ 1)¹
¹)¹K¹¹¹¹2)¹6+¹¹-¹¹
0¹ 5?¹
¹)¹K¹¹¹¹?¹¹
¹¹¹-¹
G¹ . ¹
¹¹ ¹)¹¹)¹¹¹¹?¹)¹
¹¹¹¹ ¹
¹¹?¹
¹¹¹)¹¹K¹K¹<.,¹?¹¹)¹) ¹-=¹
I¹ 1¹
¹¹¹)¹
¹¹˜
)¹¹-¹
J¹ 5?¹)¹ ¹¹
¹)¹K¹¹"¹¹¹¹)¹
)¹-¹
¹¹¹¹¹¹¹¹¹¹¹¹¹¹¹1¹¹¹M1?,¹@¹¹¹¹KN¹¹
¹
¹¹
¹¹/¹E77+,¹
¹
DD???
DDDE77+D
KD?"E77+
¹
¹
6¹
'
* ؘ
6¹ 1¹
¹¹¹¹¹""¹
¹¹
¹?¹ ¹ ¹
¹¹¹""
¹ -¹¹1¹¹¹¹
¹¹¹ ¹¹
¹-¹
E¹ ¹¹ ¹¹))¹
¹
¹""
¹ ¹?¹¹
""¹2¹¹),¹¹¹ ¹¹
¹)¹¹¹
?¹)¹¹¹
¹
¹¹¹8¹¹
¹
¹¹
¹
¹¹¹
¹
Ù5
$$5
¹¹¹¹¹K¹
,¹
¹¹?¹ ¹K¹
¹¹
¹¹<,¹?¹)¹DD¹¹¹
¹¹?¹=¹P¹¹)¹)¹?¹
¹ ¹ ˜Ø
¹*¹
¹¹¹>2D2¹¹¹
¹
¼¼ ¼¼
¼¼
¼
¼
¼ ¼
&,<-(
BB+<"P.",(</
:
:,<$.¼)
BB+<"P.",(</
¹
¹
216
D. Rossi – RES224
¼,<#G¼3
¼
BB+;&(.,J",(</
¼,<<"3
¼
¼
¼,<<"
¼
¼
¼,<<"
%8
8
¼,<<"
¼
¼
¼,<<"
¼
¼
BB+44,,(<+'",(</
¼3
¼,<+
¼
¼::,<+
¼
¼::,<+
¼
¼::,<+:
¼
¼::,<++++/////
¼
¼::,<+
BB+<"P.",(</
5553,<+:
5553,<+:
5553,<+:
5553,<+:
BB+;&(.,J",(</
3,<<"3
3,<<"3
3,<<"3
3,<<"3
3,<<"3
3,<<"3
3,<<"?3
BB+44,,(<+'",(</
?3,<+
3,<+
3,<+
3,<+:
3,<+
3,<+
3,<+:
BB=83/3¼
BB".H./RDE
BBP&</#
(://
BB#"F",I)/
¹
¹
¹
3.2 Correction
¤ !!"""!#$
¹
¹
%&
'((
¹
) ¹¹
¹¹¹¹¹¹¹¹¹
¹¹
¹¹¹¹¹¹¹¹¹ ¹
¹¹¹¹¹¹¹
¹
!¹"¹
¹¹
¹
¹¹
¹¹
#¹$¹¹¹¹¹¹¹¹%¹&¹¹
¹¹
¹¹¹
¹¹%¹¹¹
¹¹¹¹¹¹¹
¹
¹
)¹¹¹¹¹
¹¹¹¹¹¹¹¹¹¹¹
'%¹(%¹")%¹*#%¹+),%¹-$.-¹
¹
)* ¹¹&¹
¹¹ ."¹
$¹¹ ."¹¹¹¹¹
¹¹
¹/¹¹¹
¹
¹¹
¹
¹¹
¹¹¹¹
¹¹
¹¹¹
¹
¹+¹¹
¹
¹ ¹¹¹¹¹¹ ."¹
¹¹¹0¹¹
¹¹¹
¹¹
¹¹¹¹1¹¹¹¹¹
¹
¹
¹
) ¹¹2¹¹¹¹3¹ ¹¹&¹
¹2¹
¹¹
4¹5¹6%¹3%¹¹ %¹%¹7¹¹2¹
¹
¹68%¹
%¹
¹%¹7¹2¹2¹¹¹¹¹%¹
¹¹¹
¹¹¹¹¹9/¹
¹:¹
¹¹
)+¹
:¹¹'¹¹
¹¹
¹&¹;¹¹
¹<¹¹
=¹¹¹
'¹¹¹¹
¹¹¹¹¹¹¹
¹
¹¹¹¹
¹
¹
¹*¹
¹¹¹
¹
¹¹¹¹¹¹
¹
¹
¹¹¹¹&¹
¹
¹¹¹¹
¹¹
¹
¹¹¹¹¹¹&¹¹¹¹¹¹
¹
¹
218
D. Rossi – RES224
¹
¹¹¹'¹6¹¹¹
¹¹¹¹
¹
¹'¹
7¹
¹
),4¹¹¹¹
¹¹
¹¹
¹9¹*#%¹¹
¹¹¹
¹;¹¹¹<¹¹¹
¹;¹¹¹
¹<¹>¹¹¹:¹¹¹¹>¹
¹¹¹¹¹¹¹¹¹¹¹¹¹¹
¹&¹¹¹
¹¹¹¹¹¹¹¹¹¹¹¹¹¹¹¹¹
¹ ¹¹¹;¹¹¹¹<%¹¹¹*#¹¹
¹¹¹¹
¹¹¹¹¹¹
¹0-0¹ ¹¹¹;¹¹¹<%¹
¹¹*#¹
¹¹¹¹¹
¹¹¹¹60-07¹¹
¹
¹¹¹
¹¹6 -$-7¹$?¹¹¹¹¹¹¹¹¹¹
¹¹¹¹¹*#¹¹¹¹¹¹
¹42+¹
¹
)- ¹¹¹
¹¹¹¹*#¹¹+),¹
¹¹¹*#¹¹¹¹¹
¹¹¹¹¹¹1¹
¹¹¹¹¹¹¹+),¹¹¹
¹¹¹¹
@¹
¹¹¹¹¹¹¹¹¹¹
¹
)."¹¹¹¹¹¹A¹¹
¹ ¹¹¹¹
¹¹
¹¹
¹¹¹¹
$¹/¹@¹6B-7¹¹
¹¹¹¹%¹¹¹¹@¹
B-¹¹¹¹¹
¹
)/"¹¹¹¹C%¹
¹¹¹¹¹¹
¹(¹D¹¹
(¹¹
¹(¹D%¹¹¹¹ ¹¹¹¹@¹¹¹(¹¹¹
¹¹¹ ¹¹¹¹
¹@¹
¹¹
)04¹¹¹&¹
¹B+¹
¹&¹
¹¹A-E¹
$¹B+¹¹¹¹
¹¹¹ ¹
¹&¹%¹¹¹¹
¹¹¹¹@¹
¹9¹*"¹¹¹%¹¹¹¹
¹
¹B-¹¹¹¹/¹
¹
¹¹20$¹
¹¹@¹
¹
)4¹¹
¹¹
¹¹¹¹¹(¹¹
¹¹ ¹¹¹
¹¹¹¹/¹¹¹¹
¹
) ¹¹¹
¹¹A-E¹¹¹3¹
¹¹¹¹(%¹¹¹¹
¹¹¹¹"5¹'
¹
¹
%1$1$12
)-:¹¹
9¹
¹@¹(¹¹¹¹6
7¹>¹
¹
)4¹¹¹
¹¹ ¹¹¹
¹¹
¹¹¹¹¹¹
¹(¹¹>¹
¹
¹
3.2 Correction
)*2¹¹A¹:¹9¹
¹
¹¹¹¹¹A¹>¹
¹
)¹¹$¹¹(¹:¹¹¹>¹
)+$¹¹(¹¹¹
¹
¹
¹¹¹¹
*#¹
¹¹¹
¹¹A-E)+$¹>¹
), ¹¹
¹¹A-E)+$¹
¹&¹¹¹
¹&¹
5¹
)- ¹9¹¹
¹¹¹¹
¹¹
¹
¹¹¹A-E)+$¹
¹
%1$1$1
3¹ ¹ ¹ A%¹ ¹ ¹ ¹ * ¹ ¹ ¹ ? ¹ ¹ ¹
)""%¹¹¹¹¹¹¹
¹¹¹
? ¹¹¹)""¹$¹¹
¹¹ ¹¹ ¹¹¹ ¹ ¹ ¹ ¹0¹¹ *¹ ¹ ¹¹¹
¹
¹?¹¹%¹¹¹¹?
¹+¹
¹¹A¹
3¹ ¹ ¹ $¹ ¹ ¹ ¹ A¹ ¹ ¹ ¹ ¹ ?¹ ¹ ?¹ ¹ ¹
¹ ¹ 5¹ ¹ ?
¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹
¹*¹¹¹¹¹
?¹
¹¹¹¹¹¹¹
¹¹¹¹
¹¹
¹¹
ù 3¹¹¹
¹¹¹A¹
¹¹¹¹
FG¹ ¹¹¹(HD¹¹?¹¹
¹¹¹
F!G¹ ¹¹¹(HD¹¹¹¹¹¹
¹¹¹
F#G¹ ¹¹¹(H¹¹¹¹¹¹
¹¹
F,G¹ ¹¹¹(H¹¹¹¹
¹¹
¹
¹¹¹%¹!¹0¹¹¹
I¹ ¹¹0¹¹?¹
¹¹ ¹¹¹6"I.¹H¹"I.J7¹
¹
/¹0¹¹¹¹
¹
¹¹6B-KJ%¹
7¹¹¹
98¹
¹?85
¹¹?¹
¹¹ ¹
¹¹%¹¹
FG¹¹¹¹¹¹ ¹¹¹¹
¹¹L¹¹¹¹¹
¹¹%¹¹¹!¹0¹¹¹¹¹4
¹@%¹¹/¹
0¹¹¹¹¹¹ ¹6'+.H'+.J7¹¹
¹¹¹¹
¹ ¹ ¹¹¹
¹¹
/¹ %¹¹¹
¹¹¹¹¹
¹0¹
¹¹
¹ %¹¹¹¹
¹¹
¹¹¹%¹
¹¹¹
¹
¹
220
D. Rossi – RES224
$M6#¹07¹K¹6#¹07¹K¹6#¹07¹K¹6!¹07¹M¹¹0¹
"¹¹¹
¹¹¹
¹ ¹¹@¹¹¹¹B-¹(¹¹
%¹¹
$M6!¹07¹K¹6!¹07¹K¹6!¹07¹K¹6!¹07¹M¹C¹0¹
F!G¹¹¹¹¹¹ ¹¹
¹¹¹¹¹ ¹ ¹¹
¹¹¹¹
¹
¹ ¹¹¹
?¹0¹¹¹:59¹
8¹¹¹0¹¹¹¹
%¹
¹¹¹¹¹¹¹!¹
0¹¹¹
$¹M¹6!07¹K¹6!¹07¹M¹,¹0¹
F#G¹¹¹¹?¹¹¹¹¹¹ ¹9¹¹¹¹
%¹¹
¹¹
¹¹¹ *%¹¹¹%¹¹
¹¹¹
?¹0¹6B-¹¹¹¹¹
¹7%¹
¹¹¹
$¹M¹6!07¹K¹0¹K¹0¹K¹0¹M¹N¹0¹
F,G¹¹¹¹¹¹¹¹
¹¹¹%¹¹¹¹¹
@¹
¹¹@¹¹(L¹¹¹¹¹
¹¹¹O¹)""%¹¹¹
0¹¹¹¹¹%¹¹
¹
$¹M¹6!07¹K¹0¹M¹#¹0¹
%&
3
'
0¹
¹
¹")¹6¹¹
¹
%¹¹¹0'¹+-'7¹
¹
ö ¹¹ ¹ ¹ ¹ ¹ ¹ ¹ $¹ ¹ @¹ ¹ ¹
¹¹
¹¹
¹
¹
¹¹
¹¹¹
¹
¹ ¹¹
¹¹$¹
¹
¹ ¹6¹
¹7¹
¹¹¹
¹
¹¹
¹
¹¹6¹
¹¹¹
¹
7¹
¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ $¹
¹
¹¹¹
¹¹¹¹¹¹¹¹%¹¹¹
¹¹¹
¹¹¹/¹;¹¹<¹¹¹/¹¹
ù¹¹¹
¹¹¹
¹¹
¹¹ ¹ ¹ @¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹
%¹¹
¹¹¹¹
¹¹¹¹¹¹
¹¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹
$¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹
¹¹¹¹
¹
¹
¹
¹¹¹
¹¹¹¹¹¹¹
¹¹&¹¹
9¹
¹¹
¹
¹¹¹¹
) - ¹ ¹ ¹ ¹ ¹ ")¹ ¹ ¹ ¹ ¹ 9/¹¹
/¹
¹
¹
3.2 Correction
¹
) ¹¹¹¹¹
¹¹¹¹¹")¹
¹¹
¹
¹+¹¹¹¹¹-¹
) * ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹ ¹
¹
) ¹¹¹¹¹
¹¹¹
¹¹¹3¹¹ 2¹")¹
)+ ¹¹
¹
¹* ¹")¹6¹¹¹/¹?¹
?¹¹:
7¹¹¹¹¹¹¹¹ ¹¹¹¹¹¹¹¹¹
¹¹¹¹¹¹¹
¹¹
¹ ¹¹¹¹
¹¹¹
¹¹ ¹¹¹¹¹¹¹¹@¹¹
R ¹¹ ¹¹¹¹¹¹
¹
¹ ¹
¹
),
4¹¹¹¹ ¹
¹¹¹6¹7¹
¹¹Ø Ø ¹")%¹
¹¹
¹
¹¹¹-¹¹+¹>¹6¹¹¹¹9¹¹¹
¹¹¹¹7¹¹
¹
¹¹¹
¢ ¢
¢
¢
¢
¢ ¢ !
¢
¢"#$$¢%
&'()*
¢
¢
¢
#+,'-.(#/¢0
¢
(1
.$(/¢2¢0
¢
/33
33
.$(/¢2¢0
¢
(1
4++
5 6.76'-76.76'-7
¢¢83¢¢
(1/988¢4:
;.<
/33
33
=8,
>
¢
¢¢?
¢
¢ 3)¢280
¢
"8?*/¢
¢
8
¢
(
¢ ¢280
¢
@!)
¹
¹
222
D. Rossi – RES224
)*
¢"#$"
3:2"8
A:B#
C(
//2D"E
777&'()*
¢
)*
¢& ¢@!C¢38
<&+<4"+;"(4"
$,$',<,<F
G$<
H.>
:>,#,#
",I
4"<
.<
4',H.>J
&'$
777H.>
H?¢3
777#+,'-3/6 30)*
¢7",IK
6 30)*
¢7"
1
777.$/6¢280
¢7
7774++
6¢280
¢7.
1
3C
5 LL
?¢
777
6¢280
¢7
¢3
¢)
¢3
¢"#$$¢%
777&'()*
¢
¢3
¢
$,$',<,<F
",I:
H.-J
.<
"+.'"
:>,#,#
777"+.'"
.¢'"
777&'()*
¢
¢3
¢
$,$',<,<F
",I:
H.-J
.<
:>,#,#
777#+,'-3/6 30
¢7",IK:
(1
777.$/6¢280
¢7
7774++
(1
5 6.76'-76.76'-7
777
(1/988¢>:4>4
6¢280
¢7"
D(1/988¢>:4>4E
1-*I:#¢¢)
¢280
¢"
D1-*I:#¢¢)E
¢
@!
777=;,
)*
¢¢
¹
¹
¹
¹
¹
¹
3.2 Correction
¤
: ¹¹¹
::
:::?
:
: ¹¹¹
::
::
::?
: ¹¹¹
::
:?::?:
:??
?
: ¹¹¹
::
?:::
???:???
:?
: ¹¹¹
::
::?::?:
:?????
:
: ¹¹¹
::
?:::
???:???:
::?
:
: ¹¹¹
::
:?::::?:
:????::
:?
¹
: ¹¹¹¹¹¹
::
:?:::
??::??
:
: ¹¹
¹
::=J
:?::;0
??::??:M$
:L:
¢
¢$,
$',<,<F",
I
H.-J.<
¹
¹
224
D. Rossi – RES224
::GH.$
::>,#,#
: ¹¹¹¹¹¹
::=J
:::?:'05
:???:!6$
?#+,'-.(#/
:6 30
¢7
",IK
: ¹¹
::=J
?::H0
??:?:!6$
:?L:N(1
: ¹
::=J
::?:?:0O
:??:!4$
9.$(/6
?¢2¢0
¢7
: ¹
::=J
?::P0
??:?:!4$
:?L:6(1
: ¹
::=J
:::?:?:0
:??:!'$
4++
: ¹¹
::=J
?:::#G0
??:?::!':$
:L:
:5 6.76'-7
6.76'-7
: ¹
::=J
:::?:0
:?:?::!9$
4#¢¢,4
:/6:
0
¢74
/#
C(
?//2
::-3/+ 3
:::" 8 6 30
¢7;¢
?:+
/ 8
:?DP
5¢AE
#,#H¢
/
¹
¹
3.2 Correction
?/¢2¢
0
¢"8?*
/
8
¢
:?:/%A
B ::¢K,"(::
?B3K5
¢
/?
:¢
¢83¢¢
: ¹¹
::=J
?::-J0
??:?:!9$
:?L:9(1/98
8¢--
: ¹
::=J
::::?:0
:??::!$
Q=;,
: ¹
::=J
?::I0
??::??:!$
:L:>
: ¹¹
::=J
:??:::D@0D
??::??!$
:L:;;;;;;
: ¹¹
::=J
:::::?:D0
:???!$
:
: ¹¹
::=J
:::?:?:D0O
:???!$
:
: ¹¹
::=J
:?:::DM0D
??:??!$
:L:>;;;;;;
¹
¹
¹
¹
¹
¹
226
D. Rossi – RES224
¤ 4
5
!!"""!#$
56
¹ A¹¹¹¹¹¹¹
¹ ."¹>¹¹
."¹¹¹¹9¹¹¹7¹¹¹
¹¹
¹¹+¹
¹¹+¹¹
¹!7¹
¹¹¹¹
9¹¹
¹
!¹ A¹¹¹¹¹ ."¹%¹
¹59¹¹¹¹>¹
¹9¹ ."¹¹¹¹¹+¹¹¹+¹
¹
9¹¹¹+¹
¹¹85%¹¹¹¹¹¹8¹5
¹¹
¹
¹¹¹
¹ ¹6¹¹%¹¹¹%¹7¹
#¹ +¹5¹¹¹ ."¹
¹9¹¹>¹¹
9%¹¹9¹65¹
¹%¹5¹¹5%¹5¹¹¹
""(¹%¹5¹¹¹+¹)¹%¹5¹¹¹ ¹
¹)#¹¹¹ E¹
%¹5¹9¹¹¹¹¹%¹7¹
,¹ +¹5¹¹¹ ."¹*
¹9¹¹>¹
A¹9¹¹8%¹
%¹¹¹¹
¹¹¹¹6¹
%¹5¹9¹¹¹9¹5¹¹8¹¹¹¹ ."¹¹
7¹
N¹ A¹¹¹¹¹ ."¹¹6¹P ¹7¹>¹¹
E+. %¹¹E89¹+¹.¹ ¹
Q¹ A¹¹
¹¹¹
¹ ."¹¹¹>¹2 N#¹6
¹N#7¹
R¹ A¹¹¹¹¹ ."¹¹¹6¹P ¹7¹>¹¹
8%¹
%¹¹¹
¹
C¹ A¹¹¹
¹ ."¹¹9¹>¹9¹
¹
¤
7
¹
!¹
#¹
,¹
N¹
Q¹
."¹¹¹¹¹¹í¤89¹
."¹¹
¹¹¹+---¹¹
¹¹
."¹¹¹
¹
¹¹¹í¤89¹
."¹
¹¹
¹¹¹¹9¹¹¹¹¹í¤89¹
."¹¹¹¹9¹¹¹9¹¹
¹
¹¹í¤89¹
."¹¹¹
¹¹58¹9¹¹¹¹¹¹
¹58¹9¹
¹¹6¹¹9¹7¹¹
R¹ ."¹
¹¹ ¹.¹"9¹¹
¹
¹
3.2 Correction
C¹
S¹
."¹
¹¹¹¹
¹9¹¹9¹¹¹¹í¤89¹
."¹
¹¹¹¹
¹9¹9¹¹¹¹¹6%¹
¹¹¹¹7¹¹
D¹ ."¹¹9¹2 ¹¹¹¹9¹¹
¹ ."¹¹¹¹¹¹9¹9¹¹¹¹¹¹
¹
¹¹¹¹
!¹ ."¹¹¹%¹¹9%¹
¹¹¹3¹¹¹9¹¹í¤89¹
#¹ ."¹¹¹¹¹
¹¹¹
¹¹¹8¹¹
,¹ ."¹¹¹¹¹¹¹
¹¹¹¹8¹9¹¹¹¹
¹¹¹ ¹¹
N¹*9%¹ ."¹:¹
¹5¹¹¹¹
6%¹
%¹%¹%¹%¹%¹7¹í¤89¹
Q¹ ."¹¹¹85¹¹¹:¹
¹¹¹¹¹í¤89¹
R¹.5
9%¹¹¹¹¹
3¹¹¹¹¹í¤89¹
C¹.5
9%¹¹¹¹¹DD¹ ."¹:¹
¹¹¹í¤89¹
S¹ ."¹:¹
¹¹¹
¹9¹+.¹¹¹
!D¹ ."¹
¹¹¹¹¹¹
!¹$¹
¹¹¹¹¹¹Q¹¹¹¹
!!¹'¹
¹¹¹¹¹¹!NN¹¹¹í¤89¹¹
!#¹ ."¹
¹¹,%¹¹¹¹9¹¹¹+¹
¹¹
!,¹0¹
¹¹59¹
¹5¹¹
¹TU¹¹
!N¹¹
¹
¹%¹¹¹3¹¹¹
¹5¹
¹¹¹
¹¹6%¹9%¹937¹¹¹
!Q¹ ."¹¹
¹¹¹¹¹¹+¹
¹¹í¤89¹
!R¹ ."¹¹
¹¹¹
¹¹¹+¹
¹¹¹¹¹¹¹í¤89¹
!C¹ ."¹¹¹
¹¹¹)¹
¹¹+¹
¹¹
!S¹ ."¹¹
¹
¹¹¹¹$¹
¹¹¹í¤89¹¹
#D¹¹¹¹¹
¹¹9¹ ¹¹¹¹¹¹
#¹¹¹¹¹¹¹9¹
¹¹¹ (¹¹¹¹¹
#!¹"¹¹6¹:
7¹9¹¹¹9¹¹
¹¹¹í¤89¹¹
##¹¹)V¹
¹9¹¹¹¹¹¹¹¹¹¹¹¹
¹¹¹í¤89¹
#,¹¹
¹
¹¹¹¹¹
¹¹¹¹¹¹$¹
¹¹
#N¹¹¹
¹¹¹¹¹
¹9¹
¹¹í¤89¹
#Q¹ ."¹¹¹
¹¹¹
¹
¹¹
¹¹¹¹í¤89¹
#R¹¹.)-¹
¹¹¹
¹
¹9¹
¹¹¹¹¹
¹¹¹
#C¹ ."¹¹¹¹¹¹¹¹¹¹
#S¹ ."¹¹¹
¹¹
¹¹58¹
¹¹¹ ¹¹¹8¹
9¹¹¹
,D¹ ."¹:¹¹¹¹¹¹9¹¹¹9¹¹
¹¹¹
¹
¹¹¹¹¹
¹
'
*Ø* *
** *Ø* ¹ E¹¹SH¹8%¹¹:¹
¹6$ 7¹¹¹"¹¹5¹
¹¹.5¹I8¹9¹¹- ¹59¹¹9¹
¹¹SH¹
¹
¹
¹
228
D. Rossi – RES224
+¹¹j** ¹"¹¹6%¹¹¹A¹¹¹"¹¹
¹¹A¹¹¹"¹7>¹¹
A¹¹5¹"¹¹9¹¹ ."¹¹¹
¹¹¹"¹
¹A¹¹¹6%¹55537¹¹¹A¹¹¹ ."¹¹
¹
¹¹¹$ ¹¹¹¹3¹
¹¹¹¹¹¹A¹¹
¹¹¹+¹
%¹8¹¹A¹
5
¹¹¹¹ ."¹
¹¹¹¹
!¹ '5¹¹¹¹¹%¹ ¹59¹¹¹¹"¹¹8¹
¹
Ø
%¹
¹9¹¹¹5¹¹9¹¹
¹¹6
¹¹
97¹¹9¹¹.I¹5¹¹¹
¹¹ ."¹¹¹"¹¹9¹
¹9¹::
¹
¹
¹
9%¹9¹¹¹¹¹(5%¹¹
¹
¹
¹¹::¹
¹¹9¹ %¹¹¹¹ ."¹¹
¹¹¹ ¹¹¹*¹¹ ¹¹5¹
%¹¹¹
¹
¹¹5
¹¹
¹¹¹9¹¹¹¹$ ¹¹
¹
4:
¹ ¹9¹¹¹A¹¹9¹¹¹
¹%¹
¹¹9¹5¹
¹ ¹ Ø* ."¹ 9¹ ¹ %¹ ¹ ¹ 9%¹ ¹ ."¹ ¹
¹¹ ¹¹¹
¹ ¹ ¹¹+¹¹¹ ¹A¹¹¹ ¹ 5¹
0¹¹
¹¹
9¹5¹¹*¹
¹¹¹* %¹¹5¹¹ ¹¹¹
¹¹¹8¹¹¹5¹¹¹¹
¹¹¹¹¹9¹¹
*
*
¹¹0¹
¹¹¹¹
¹¹
9¹5¹9¹¹
¹ ."¹¹*5¹¹
¹¹ ¹
¹¹¹
¹>¹
!¹ A¹ ¹ 5¹ 9¹ ¹ ¹ A¹ 8
¹ 9¹¹
8
¹ ¹ ¹ 5¹ 65¹ ¹5¹ ¹ 5¹ 9¹ ¹ ¹
4A-0I¹ 89
¹ ¹ ¹ W-0I¹ ¹ :7¹ >¹ ¹ ¹ 5¹ ¹ 5¹ ¹
¹¹8
¹>¹¹8
¹>¹
¤'
¹
!¹
#¹
,¹
¹
(5¹
¹¹¹ ."¹¹85¹¹
9¹¹¹¹>¹¹
¹¹ ."¹¹¹9¹
¹5¹¹
9¹¹¹¹¹
¹¹¹¹¹'¹6¹5¹
>7¹
¹9¹8¹¹¹¹¹¹
¹
9¹¹¹¹¹>¹
I%¹
¹
¹9¹
¹'¹%¹¹
9¹¹¹¹¹
¹¹¹
¹¹¹¹¹
¹¹¹%¹¹¹
¹¹¹
¹
¹9¹¹5¹¹¹¹¹$¹¹ ¹%¹¹
¹¹¹
¹¹T:U¹¹¹5
%¹
¹¹¹¹9¹ ."¹¹
¹$¹
¹+
%¹¹¹
¹¹¹$¹ ¹9¹¹¹
%¹9¹¹ ¹¹¹¹$¹ ¹¹¹ ."¹¹
5
¹
¹¹¹¹5¹'¹
A9¹
¹9¹8¹¹¹¹ 9¹#¹¹>¹¹
E¹?¹¹5¹9¹¹9¹¹¹¹¹¹N!¹9¹2 ¹8¹
(5¹
¹9¹8¹¹¹¹5¹¹
¹¹¹>¹
$¹¹¹E+. ¹¹¹¹¹¹¹
¹¹¹
¹¹¹
¹¹¹607¹9¹¹¹¹¹¹%¹¹
¹
3.2 Correction
¹
¹
¹
¹
¹
¹
¹
¹
N¹
Q¹
R¹
¹¹¹¹¹¹9¹¹9¹¹
¹¹9¹
¹¹+¹¹
%¹0¹¹
¹¹¹¹¹¹
5¹¹¹¹¹¹¹
¹¹¹¹
¹9¹¹
¹
¹5¹8¹¹8:¹¹%¹5¹¹¹
0X8¹M¹X0-$IX8¹Y¹X42-"+*.X8¹
¹¹%¹¹¹¹
¹¹
¹¹¹0XDX8¹
5¹¹99¹5¹¹9¹:5
¹¹
¹
0XDX8¹O¹0X¹¹
¹9¹%8¹
¹
¹¹
¹%¹9¹¹0XDX8¹¹¹
¹¹¹9¹¹
¹¹5¹FD%8G¹%¹¹¹5¹59¹¹¹ ."¹¹¹¹5¹
¹5¹0¹%¹¹¹
¹
0XDX¹M¹¹8¹6¹0XDX8¹7¹¹
5¹¹¹¹
¹¹¹0¹¹0X¹5¹¹
¹"¹¹
0XDX8¹¹¹¹¹5¹¹9¹
¹O¹0X%¹¹¹¹¹¹¹
8¹¹¹5¹¹
¹¹¹¹¹
¹¹¹%¹¹¹5¹
9¹¹¹¹¹5¹0X8¹¹%¹
¹¹¹ ¹¹6¹
¹
¹¹07¹9¹5¹¹
¹¹¹
¹¹9¹¹9¹¹¹¹¹¹9¹¹¹
¹¹
¹¹¹58¹¹
+¹
¹¹ ."¹9¹¹9¹¹¹¹5¹9¹
¹¹¹¹ ."¹
¹¹5¹
¹¹¹9¹¹8¹8¹6+%¹5¹¹9¹9¹>7¹
E¹¹5¹
9¹
¹¹¹
¹¹¹ ."¹¹9¹¹¹
¹¹¹+
%¹¹9¹8¹¹¹ ¹
¹¹
%¹5¹
¹¹¹¹¹9¹
9¹9
¹¹20$¹
HH
¹¹¹9¹¹5¹"¹¹¹¹
¹TU¹
¹¹ ¹69¹7%¹¹9¹5¹¹
¹¹¹ ."¹¹¹¹¹
5¹¹¹¹
¹
¹¹ ¹0¹¹5¹5¹¹¹¹¹¹
¹¹
A¹
¹¹¹9¹
¹¹
9¹¹>¹
.¹¹
¹
¹¹9¹¹
¹¹¹¹¹ ."¹
¹6+%¹¹¹7¹9%¹¹¹
¹
¹9¹9¹¹
¹TU¹¹¹
%¹¹¹¹¹
9¹
¹¹¹9¹+¹
%¹¹¹¹¹¹5¹¹
¹¹¹¹¹%¹¹¹¹:
5
¹¹%¹:¹¹¹9¹9¹5¹
¹"¹¹¹¹¹5¹¹¹¹
¹
(5¹9¹ ."¹¹
¹9¹8¹¹:¹¹¹¹9¹
9¹>¹
9¹¹9%¹¹DD¹¹¹¹
9¹E9¹%¹9¹¹¹
¹6Z,N[7%¹¹¹
¹6!N[%¹%¹5¹¹¹+ ¹
7¹*¹¹¹
¹85¹$ ¹6![7¹¹¹¹¹
¹¹¹¹
¹
9¹
¹6R[7¹*%¹¹¹¹¹¹6%¹¹9¹¹¹
¹ ."¹¹¹¹ ¹¹7¹¹¹![¹¹
'¹¹
%¹¹¹¹
¹9¹A¹¹¹TA5%¹?¹¹¹¹
8U¹%¹¹¹¹¹
¹¹)¹!DD#%¹¹¹
HH555
HHH!DD#H
8H5:!DD#
¹
¹
¹
¹
¹
230
D. Rossi – RES224
'
* Ø
¹ A¹
¹¹¹¹¹::¹
¹¹
¹5¹¹ ."¹
¹¹¹::
¹>¹¹A¹¹¹¹
¹¹¹¹¹
¹>¹
¹¹¹¹
¹ ."¹¹6%¹¹¹ ."¹7¹
¹¹$¹¹¹¹
¹¹¹¹$¹¹67¹
¹¹¹¹+¹
¹
¹5¹¹¹¹
¹67¹¹¹
¹
58¹¹ ¹:¹¹6%¹¹
¹7¹¹5¹A¹¹
¹
¹¹A¹¹¹¹¹
¹¹¹¹$¹¹67¹
¹ ."¹¹65¹¹ ¹
¹¹¹58¹
¹¹ ."¹7¹
¹
67¹ ¹9¹¹¹¹¹5¹¹¹ ."¹¹¹¹9¹
!¹ ¹¹ ."¹¹99¹
¹
¹::
¹¹5¹¹
::¹ ¹¹9%¹¹¹ ."¹¹
¹9¹¹¹
5¹9¹¹¹
¹
¹¹¹B¹¹
¹
¹¹
¹
¹¹¹
E9¹TU¹¹::
¹%¹¹¹ ."¹¹¹
¹¹
."¹8:¹
9%¹¹¹¹ ¹9¹¹
¹¹¹
(5%¹¹
¹ ¹ ."¹¹
¹58¹
¹¹8¹¹
::
¹¹¹9¹¹¹
¹
¹
L5
$$5
¹¹¹¹¹8¹
%¹
¹¹5¹ ."¹8¹
¹¹
¹¹6%¹5¹9¹H."H¹¹¹
¹¹5¹7¹I¹¹9¹9¹5¹
."¹¹ !Ø
¹*¹
¹¹¹$ H2 ¹¹¹
¹
¢¢ ¢¢
¢¢
¢
¹
I¹ 9¹(+.'*¹9¹
I¹ ¹¹¹¹9¹¹.)-¹¹¹9¹¹¹¹¹¹¹¹
I¹ F\8
G]¹¹:¹(+.'*¹¹
¢
¢ ¢
&,<-(
I¹ 9¹(+.'*¹9¹
I¹ ¹%¹¹¹¹¹¹¹(+.'*¹
¹¹¹¹
I¹ F\8
G]¹¹:¹(+.'*¹¹
BB+<"P.",(</
:
:,<$.¢)
I¹ 0¹9¹
I¹
¹: ¹#DS!CQ¹
I¹ LL¹42-"+*.¹"-+*.¹
I¹ LCQS!#D:
¹¹¹¹¹+.¹¹¹¹¹¹0¹
BB+<"P.",(</
¢,<#G¢3
¢
¹
¹
3.2 Correction
BB+;&(.,J",(</
¢,<<"3
¢
¢
¢,<<"
¢
¢
¢,<<"
%8
8
¢,<<"
¢
¢
¢,<<"
¢
¢
BB+44,,(<+'",(</
¢3
¢,<+
¢
¢::,<+
¢
¢::,<+
¢
¢::,<+:
¢
¢::,<++++/////
¢
¢::,<+
¹
¹ )V¹9¹49¹9¹
¹ F\¹
G]¹
¹:¹)V¹¹¹
¹ .¹¹¹¹."¹¹¹
¹¹¹9H
¹¹
BB+<"P.",(</
5553,<+:
5553,<+:
5553,<+:
5553,<+:
BB+;&(.,J",(</
3,<<"3
3,<<"3
3,<<"3
3,<<"3
3,<<"3
3,<<"3
3,<<"?3
BB+44,,(<+'",(</
?3,<+
3,<+
3,<+
3,<+:
3,<+
3,<+
3,<+:
BB=83/3¢
BB".H./RDE
BBP&</#
(://
BB#"F",I)/
¹
I¹  ¹¹
¹
I¹ :¹¹R¹¹
I¹ :¹ ¹¹
¹
¹¹¹:¹
¹¹¹
¹¹
¹ ¹
¹
¹¹
¹R¹
R¹ ¹¹¹
¹R¹ ¹¹R¹¹¹: ¹¹
¹
¹
232
232
4 Travaux pratiques (TP)
D. Rossi – RES224
4.1 Enoncé
¹ ¹
""##$$$
#%
!¹
&
""##
#$'#
¹ ¹ ! " #
$ % & ¹ " '$%
& ( )*+,
- . ¹ " #'
( !
, " #" & ' ("'
‚ !
" # $
% &' ‚ (
) ) *+‚ "##$$$))
%
, +-./010
. $ !%
*
#
, 23 .
1˜ O 4 56
$( ) /˜ ' ( 23
3 ((
5'
$ . $ 4 23
7˜ . $ 4 236
% % 23 5 8 % $ ( $ 9 :˜ 8 % $ $ 9 4 + $ ) % $ 9 4 ( ;˜ -
, 4
, <
˜ <
= 5 234
D. Rossi – RES224
˜
, ), 5
$ % ) <
4
!
, 9
, , #
"+
8
% 7
!87# +. 1>7> 4 % % $ % ‚ )
8 %
17?1>:1>//:; % 8 % 17?1>:10@0@ 6
, . 8
L˜ "
$
, , = % 8. , , % 8) ,"
!%
+-.#‚ ) %
17?1>:1>//:;% 17?1>:/1:170' $ $ ,
% +-.A;: 3 +-.A;A 3 B 8
+-.A;; 8
3 +-.A;> 38
+-.A;0 +-.A;? "8
+-.A0@ ,C 8
+-.A01 "4 (
8
"-'
6
, 9 D
6
%% $ %
$ D % D 4
D, !83-
, #
%
$ % <
L˜ C6.
3,, < D C6.5
L˜ ' 3,, < DE
,F 23
L˜ .
3,, < $ 4
G ‚
4
L˜ 6
3,, <)% % $ %
4.1 Enoncé
*
* (,
< <==GGGG
,==
<==GGGG
,=
-6O< < <==G
G
,=
" 4 , *
, ) , ) 4
, ' % , ' %
-
%
, L˜ 4 . ' @4@0 !.# 4 HH @4@0 -
6 ) , L˜ , 4 17?1>:1>///>
-
HH17?1>:1>///>
, 4 17?1>:1>///> 17?1>:1>//>
-
HH17?1>:1>///>
HH17?1>:1>//>
L˜ 3
, 4 % I % $ % 4
$ "
3
$ -
4 -
3
,3
4
)%% $ 4
!
# ‚ J , 6
"4 % 4 + $(% ) ,
, 4 6
)
-
% , $ 236
236
D. Rossi – RES224
5 Lectures obligatoires (LO)
Les documents ci-joints se focalisent sur SPDY, que la version française de Wikipedia definit comme:
SPDY (prononcé Speedy pour rapide en anglais) est un protocole réseau expérimental fonctionnant sur la couche application créé pour transporter du contenu Web. SPDY est une
proposition, conçue par Google, visant à augmenter les capacités du protocole HTTP sans
toutefois remplacer ce dernier.
Le but premier de SPDY est de réduire la durée de téléchargement des pages Web1 en classant par ordre de priorité et en multiplexant le transfert de plusieurs fichiers (ceux composant
une page web) de façon à ce qu’une seule connexion soit requise.
Comme il est facile d’apercevoir, les pages de Wikipedia en français ou en anglais ont souvent un
volume et une qualité de contributions et de references trés differentes. Mais si Wikipedia en anglais
s’avère être une meilleure source pour les articles techniques, il ne reste qu’un point de départ, auquel
il faut donc pallier avec des documents supplementaires. Or, le fait d’utiliser des documents externes á
donc plusieurs buts:
1. repondre aux questions d’efficacité que l’on peut soulever
2. montrer un approche d’ingenierie rigoureux pour atteindre ces resultats
3. montrer des differents type de sources (articles de vulgarisation ou techniquement pointus)
4. vous solliciter á l’usage de l’anglais pour vous source d’information
Faute d’espace, on n’a pas retenu utile inclure les documents normateur IETF, qui sont en cours
d’évolution, d’autant plus que la situation est loin pour l’instant d’etre completement figée. Specifiquement, les lectures obligatoires (dont on ne retrouve pas référence á partir de Wikipedia!) se concentrent
cette année sur:
1. le Whitepaper de Google sur SPDY (Sec. 5.1), qui trés succintement decrit le protocole ainsi que
ses resultats
“SPDY: An experimental protocol for a faster web,” Whitepaper available at http:
//dev.chromium.org/spdy/spdy-whitepaper
2. un article de vulgarisation (Sec. 5.2) qui est utile pour comprendre les enjeux derrier SPDY, et qui
se consacre au protocole
Bryce Thomas, Raja Jurdak, and Ian Atkinson. “SPDYing up the web.” Communications of the ACM Vol. 55. No. 12, pp. 64-73, December 2012
3. un premier article technique (Sec. 5.3) qui creuse les resultats de SPDY dans un contexte mobile
Jeffrey Erman, Vijay Gopalakrishnan, Rittwik Jana, K. K. Ramakrishnan “Towards a
SPDY’ier mobile web?.” Proceedings of 9th ACM Conference on Emerging Networking Experiments and Technologies (CoNEXT’13), December 2013.
4. un deuxieme article technique(Sec. 5.4) qui creuse les resultats de SPDY dans un contexte Internet
Xiao Sophia Wang, Aruna Balasubramanian, Arvind Krishnamurthy, and David
Wetherall, “How Speedy is SPDY? ” Proceedings of the 11th USENIX Conference
on Networked Systems Design and Implementation (NSDI’14). April 2014.
La lecture de ces documents devrait:
1. cristaliser votre vision concernant les limites actuels de HTTP/1.0 et HTTP/1.1
2. vous informer sur le fait que SPDY est efficace (ou pas?) à resoudre ces problemes
Les questions QCM de l’examen sur ces LO exploreront ces deux aspects.
5.1 SPDY (Google whitepaper)
SPDY: An experimental protocol for a faster web -...
http://dev.chromium.org/spdy/spdy-whitepaper
The Chromium Projects
Home
SPDY >
Chromium
SPDY: An experimental protocol for a faster web
Chromium OS
Quick links
Report bugs
Discuss
Sitemap
Other sites
Chromium Blog
Google Chrome
Extensions
Executive summary
As part of the "Let's make the web faster" initiative, we are experimenting with alternative protocols to help reduce the latency of web pages. One of these experiments is
SPDY (pronounced "SPeeDY"), an application-layer protocol for transporting content over the web, designed specifically for minimal latency. In addition to a specification of
the protocol, we have developed a SPDY-enabled Google Chrome browser and open-source web server. In lab tests, we have compared the performance of these applications
over HTTP and SPDY, and have observed up to 64% reductions in page load times in SPDY. We hope to engage the open source community to contribute ideas, feedback, code,
and test results, to make SPDY the next-generation application protocol for a faster web.
Google Chrome Frame
Except as otherwise noted, the
content of this page is licensed
under a Creative Commons
Attribution 2.5 license, and
examples are licensed under
the BSD License.
Background: web protocols and web latency
Today, HTTP and TCP are the protocols of the web. TCP is the generic, reliable transport protocol, providing guaranteed delivery, duplicate suppression, in-order delivery, flow
control, congestion avoidance and other transport features. HTTP is the application level protocol providing basic request/response semantics. While we believe that there may
be opportunities to improve latency at the transport layer, our initial investigations have focussed on the application layer, HTTP.
Unfortunately, HTTP was not particularly designed for latency. Furthermore, the web pages transmitted today are significantly different from web pages 10 years ago and
demand improvements to HTTP that could not have been anticipated when HTTP was developed. The following are some of the features of HTTP that inhibit optimal
performance:
Single request per connection. Because HTTP can only fetch one resource at a time (HTTP pipelining helps, but still enforces only a FIFO queue), a server delay of 500
ms prevents reuse of the TCP channel for additional requests. Browsers work around this problem by using multiple connections. Since 2008, most browsers have
finally moved from 2 connections per domain to 6.
Exclusively client-initiated requests. In HTTP, only the client can initiate a request. Even if the server knows the client needs a resource, it has no mechanism to inform
the client and must instead wait to receive a request for the resource from the client.
Uncompressed request and response headers. Request headers today vary in size from ~200 bytes to over 2KB. As applications use more cookies and user agents
expand features, typical header sizes of 700-800 bytes is common. For modems or ADSL connections, in which the uplink bandwidth is fairly low, this latency can be
significant. Reducing the data in headers could directly improve the serialization latency to send requests.
Redundant headers. In addition, several headers are repeatedly sent across requests on the same channel. However, headers such as the User-Agent, Host, and Accept*
are generally static and do not need to be resent.
Optional data compression. HTTP uses optional compression encodings for data. Content should always be sent in a compressed format.
Previous approaches
SPDY is not the only research to make HTTP faster. There have been other proposed solutions to web latency, mostly at the level of the transport or session layer:
Stream Control Transmission Protocol (SCTP) -- a transport-layer protocol to replace TCP, which provides multiplexed streams and stream-aware congestion control.
HTTP over SCTP -- a proposal for running HTTP over SCTP. Comparison of HTTP Over SCTP and TCP in High Delay Networks describes a research study comparing the
performance over both transport protocols.
Structured Stream Transport (SST) -- a protocol which invents "structured streams": lightweight, independent streams to be carried over a common transport. It
replaces TCP or runs on top of UDP.
MUX and SMUX -- intermediate-layer protocols (in between the transport and application layers) that provide multiplexing of streams. They were proposed years ago at
the same time as HTTP/1.1.
These proposals offer solutions to some of the web's latency problems, but not all. The problems inherent in HTTP (compression, prioritization, etc.) should still be fixed,
regardless of the underlying transport protocol. In any case, in practical terms, changing the transport is very difficult to deploy. Instead, we believe that there is much
low-hanging fruit to be gotten by addressing the shortcomings at the application layer. Such an approach requires minimal changes to existing infrastructure, and (we
think) can yield significant performance gains.
Goals for SPDY
The SPDY project defines and implements an application-layer protocol for the web which greatly reduces latency. The high-level goals for SPDY are:
To target a 50% reduction in page load time. Our preliminary results have come close to this target (see below).
To minimize deployment complexity. SPDY uses TCP as the underlying transport layer, so requires no changes to existing networking infrastructure.
To avoid the need for any changes to content by website authors. The only changes required to support SPDY are in the client user agent and web server applications.
To bring together like-minded parties interested in exploring protocols as a way of solving the latency problem. We hope to develop this new protocol in partnership with
the open-source community and industry specialists.
Some specific technical goals are:
To allow many concurrent HTTP requests to run across a single TCP session.
To reduce the bandwidth currently used by HTTP by compressing headers and eliminating unnecessary headers.
To define a protocol that is easy to implement and server-efficient. We hope to reduce the complexity of HTTP by cutting down on edge cases and defining easily
parsed message formats.
To make SSL the underlying transport protocol, for better security and compatibility with existing network infrastructure. Although SSL does introduce a latency
penalty, we believe that the long-term future of the web depends on a secure network connection. In addition, the use of SSL is necessary to ensure that
communication across existing proxies is not broken.
To enable the server to initiate communications with the client and push data to the client whenever possible.
SPDY design and features
SPDY adds a session layer atop of SSL that allows for multiple concurrent, interleaved streams over a single TCP connection.
The usual HTTP GET and POST message formats remain the same; however, SPDY specifies a new framing format for encoding and transmitting the data over the wire.
Streams are bi-directional, i.e. can be initiated by the client and server.
SPDY aims to achieve lower latency through basic (always enabled) and advanced (optionally enabled) features.
Basic features
1 of 4
09/19/2014 09:59 AM
238
D. Rossi – RES224
SPDY: An experimental protocol for a faster web -...
http://dev.chromium.org/spdy/spdy-whitepaper
Multiplexed streams
SPDY allows for unlimited concurrent streams over a single TCP connection. Because requests are interleaved on a single channel, the efficiency of TCP is much
higher: fewer network connections need to be made, and fewer, but more densely packed, packets are issued.
Request prioritization
Although unlimited parallel streams solve the serialization problem, they introduce another one: if bandwidth on the channel is constrained, the client may block
requests for fear of clogging the channel. To overcome this problem, SPDY implements request priorities: the client can request as many items as it wants from the
server, and assign a priority to each request. This prevents the network channel from being congested with non-critical resources when a high priority request is
pending.
HTTP header compression
SPDY compresses request and response HTTP headers, resulting in fewer packets and fewer bytes transmitted.
Advanced features
In addition, SPDY provides an advanced feature, server-initiated streams. Server-initiated streams can be used to deliver content to the client without the client needing to ask
for it. This option is configurable by the web developer in two ways:
Server push.
SPDY experiments with an option for servers to push data to clients via the X-Associated-Content header. This header informs the client that the server is pushing a
resource to the client before the client has asked for it. For initial-page downloads (e.g. the first time a user visits a site), this can vastly enhance the user
experience.
Server hint.
Rather than automatically pushing resources to the client, the server uses the X-Subresources header to suggest to the client that it should ask for specific resources,
in cases where the server knows in advance of the client that those resources will be needed. However, the server will still wait for the client request before sending
the content. Over slow links, this option can reduce the time it takes for a client to discover it needs a resource by hundreds of milliseconds, and may be better for
non-initial page loads.
For technical details, see the SPDY draft protocol specification.
SPDY implementation: what we've built
This is what we have built:
A high-speed, in-memory server which can serve both HTTP and SPDY responses efficiently, over TCP and SSL. We will be releasing this code as open source in
the near future.
A modified Google Chrome client which can use HTTP or SPDY, over TCP and SSL. The source code is at http://src.chromium.org/viewvc/chrome/trunk/src/net
/spdy/. (Note that code currently uses the internal code name of "flip"; this will change in the near future.)
A testing and benchmarking infrastructure that verifies pages are replicated with high fidelity. In particular, we ensure that SPDY preserves origin server headers,
content encodings, URLs, etc. We will be releasing our testing tools, and instructions for reproducing our results, in the near future.
Preliminary results
With the prototype Google Chrome client and web server that we developed, we ran a number of lab tests to benchmark SPDY performance against that of HTTP.
We downloaded 25 of the "top 100" websites over simulated home network connections, with 1% packet loss. We ran the downloads 10 times for each site, and calculated
the average page load time for each site, and across all sites. The results show a speedup over HTTP of 27% - 60% in page load time over plain TCP (without SSL), and
39% - 55% over SSL.
Table 1: Average page load times for top 25 websites
DSL 2 Mbps downlink, 375 kbps uplink
Cable 4 Mbps downlink, 1 Mbps uplink
Average ms
Average ms
Speedup
Speedup
HTTP
3111.916
2348.188
SPDY basic multidomain* connection /
TCP
2242.756
27.93%
1325.46
43.55%
SPDY basic singledomain* connection /
TCP
1695.72
45.51%
933.836
60.23%
SPDY single-domain +
server push / TCP
1671.28
46.29%
950.764
59.51%
SPDY single-domain +
server hint / TCP
1608.928
48.30%
856.356
63.53%
SPDY basic singledomain / SSL
1899.744
38.95%
1099.444
53.18
SPDY single-domain +
client prefetch / SSL
1781.864
42.74%
1047.308
55.40%
* In many cases, SPDY can stream all requests over a single connection, regardless of the number of different domains from which requested resources originate. This
allows for full parallelization of all downloads. However, in some cases, it is not possible to collapse all domains into a single domain. In this case, SPDY must still open a
connection for each domain, incurring some initial RTT overhead for each new connection setup. We ran the tests in both modes: collapsing all domains into a single
domain (i.e. one TCP connection); and respecting the actual partitioning of the resources according to the original multiple domains (= one TCP connection per domain).
We include the results for both the strict "single-domain" and "multi-domain" tests; we expect real-world results to lie somewhere in the middle.
The role of header compression
Header compression resulted in an ~88% reduction in the size of request headers and an ~85% reduction in the size of response headers. On the lower-bandwidth DSL
link, in which the upload link is only 375 Kbps, request header compression in particular, led to significant page load time improvements for certain sites (i.e. those that
issued large number of resource requests). We found a reduction of 45 - 1142 ms in page load time simply due to header compression.
The role of packet loss and round-trip time (RTT)
We did a second test run to determine if packet loss rates and round-trip times (RTTs) had an effect on the results. For these tests, we measured only the cable link, but
simulated variances in packet loss and RTT.
We discovered that SPDY's latency savings increased proportionally with increases in packet loss rates, up to a 48% speedup at 2%. (The increases tapered off above the
2% loss rate, and completely disappeared above 2.5%. In the real world, packets loss rates are typically 1-2%, and RTTs average 50-100 ms in the U.S.) The reasons that
2 of 4
09/19/2014 09:59 AM
5.1 SPDY (Google whitepaper)
SPDY: An experimental protocol for a faster web -...
http://dev.chromium.org/spdy/spdy-whitepaper
SPDY does better as packet loss rates increase are several:
SPDY sends ~40% fewer packets than HTTP, which means fewer packets affected by loss.
SPDY uses fewer TCP connections, which means fewer chances to lose the SYN packet. In many TCP implementations, this delay is disproportionately expensive (up
to 3 s).
SPDY's more efficient use of TCP usually triggers TCP's fast retransmit instead of using retransmit timers.
We discovered that SPDY's latency savings also increased proportionally with increases in RTTs, up to a 27% speedup at 200 ms. The The reason that SPDY does better as
RTT goes up is because SPDY fetches all requests in parallel. If an HTTP client has 4 connections per domain, and 20 resources to fetch, it would take roughly 5 RTs to
fetch all 20 items. SPDY fetches all 20 resources in one RT.
Table 2: Average page load times for top 25 websites by packet loss rate
Average ms
Speedup
Packet loss rate
HTTP
SPDY basic (TCP)
0%
1152
1016
0.5%
1638
1105
32.54%
1%
2060
1200
41.75%
11.81%
1.5%
2372
1394
41.23%
2%
2904
1537
47.7%
2.5%
3028
1707
43.63%
Table 3: Average page load times for top 25 websites by RTT
Average ms
Speedup
RTT in ms
HTTP
SPDY basic (TCP)
20
1240
1087
12.34%
40
1571
1279
18.59%
60
1909
1526
20.06%
80
2268
1727
23.85%
120
2927
2240
23.47%
160
3650
2772
24.05%
200
4498
3293
26.79%
SPDY next steps: how you can help
Our initial results are promising, but we don't know how well they represent the real world. In addition, there are still areas in which SPDY could improve. In particular:
Bandwidth efficiency is still low. Although dialup bandwidth efficiency rate is close to 90%, for high-speed connections efficiency is only about ~32%.
SSL poses other latency and deployment challenges. Among these are: the additional RTTs for the SSL handshake; encryption; difficulty of caching for some proxies.
We need to do more SSL tuning.
Our packet loss results are not conclusive. Although much research on packet-loss has been done, we don't have enough data to build a realistic model model for
packet loss on the Web. We need to gather this data to be able to provide more accurate packet loss simulations.
SPDY single connection loss recovery sometimes underperforms multiple connections. That is, opening multiple connections is still faster than losing a single
connection when the RTT is very high. We need to figure out when it is appropriate for the SPDY client to make a new connection or close an old connection and
what effect this may have on servers.
The server can implement more intelligence than we have built in so far. We need more research in the areas of server-initiated streams, obtaining client network
information for prefetching suggestions, and so on.
To help with these challenges, we encourage you to get involved:
Send feedback, comments, suggestions, ideas to the chromium-discuss discussion group.
Download, build, run, and test the Google Chrome client code.
Contribute improvements to the code base.
SPDY frequently asked questions
Q: Doesn't HTTP pipelining already solve the latency problem?
A: No. While pipelining does allow for multiple requests to be sent in parallel over a single TCP stream, it is still but a single stream. Any delays in the processing of anything
in the stream (either a long request at the head-of-line or packet loss) will delay the entire stream. Pipelining has proven difficult to deploy, and because of this remains
disabled by default in all of the major browsers.
Q: Is SPDY a replacement for HTTP?
A: No. SPDY replaces some parts of HTTP, but mostly augments it. At the highest level of the application layer, the request-response protocol remains the same. SPDY still uses
HTTP methods, headers, and other semantics. But SPDY overrides other parts of the protocol, such as connection management and data transfer formats.
Q: Why did you choose this name?
A: We wanted a name that captures speed. SPDY, pronounced "SPeeDY", captures this and also shows how compression can help improve speed.
Q: Should SPDY change the transport layer?
A: More research should be done to determine if an alternate transport could reduce latency. However, replacing the transport is a complicated endeavor, and if we can
overcome the inefficiencies of TCP and HTTP at the application layer, it is simpler to deploy.
Q: TCP has been time-tested to avoid congestion and network collapse. Will SPDY break the Internet?
A: No. SPDY runs atop TCP, and benefits from all of TCP's congestion control algorithms. Further, HTTP has already changed the way congestion control works on the
Internet. For example, HTTP clients today open up to 6 concurrent connections to a single server; at the same time, some HTTP servers have increased the initial congestion
window to 4 packets. Because TCP independently throttles each connection, servers are effectively sending up to 24 packets in an initial burst. The multiple connections
side-step TCP's slow-start. SPDY, by contrast, implements multiple streams over a single connection.
Q: What about SCTP?
A: SCTP is an interesting potential alternate transport, which offers multiple streams over a single connection. However, again, it requires changing the transport stack, which
will make it very difficult to deploy across existing home routers. Also, SCTP alone isn't the silver bullet; application-layer changes still need to be made to efficiently use the
channel between the server and client.
Q: What about BEEP?
A: While BEEP is an interesting protocol which offers a similar grab-bag of features, it doesn't focus on reducing the page load time. It is missing a few features that make this
3 of 4
09/19/2014 09:59 AM
240
D. Rossi – RES224
SPDY: An experimental protocol for a faster web -...
http://dev.chromium.org/spdy/spdy-whitepaper
possible. Additionally, it uses text-based framing for parts of the protocol instead of binary framing. This is wonderful for a protocol which strives to be as extensible as
possible, but offers some interesting security problems as it is more difficult to parse correctly.
Sign in | Recent Site Activity | Report Abuse | Print Page | Powered By Google Sites
4 of 4
09/19/2014 09:59 AM
5.2 SPDY (CACM’12)
contributed articles
Improved performance and a proven
deployment strategy make SPDY a potential
successor to HTTP.
By Bryce Thomas, Raja Jurdak, and Ian Atkinson
SPDYing
Up the
Web
little resemblance to the Web
of a decade ago. A Web page today encapsulates
tens to hundreds of resources pulled from multiple
domains. JavaScript is the technological staple of Web
applications, not a tool for frivolous animation.
Users access the Web from diverse device form factors,
while browsers have improved dramatically. A constant
throughout this evolution is the underlying applicationlayer protocol—HTTP—providing fertile ground
for Web growth and evolution but was designed at a
time of far less page complexity. Moreover, HTTP is
not optimal, with pages taking longer to load. Studies
over the past five years suggest even 100 milliseconds
To d ay ’ s W eb b e a rs
64
co m m un i cat i o n s o f th e acm
| d ec em b er 2 01 2 | vo l . 55 | n o. 12
additional delay can have a quantifiably negative effect on Web use,9 spurring interest in improving Web performance. One such effort is SPDY, a
potential successor to HTTP championed by Google that requires both client and server changes, a formidable
hurdle to widespread adoption. However, early client support from major
browsers Chrome and Firefox suggests
SPDY is a protocol being taken seriously. Though server support for SPDY
is growing through projects like mod_
spdy12 truly widespread server adoption is likely to take time. In the interim, SPDY gateways are emerging as a
compelling transition strategy, promising to accelerate SPDY adoption by
functioning as a translator between
SPDY-enabled clients and non-SPDYenabled servers (see Figure 1). A variety
of incentives motivate organizations to
deploy and users to adopt SPDY gateways, as described here.
SPDY (pronounced SPeeDY) is an
experimental low-latency applicationlayer protocol27 designed by Google
and introduced in 2009 as a drop-in
replacement for HTTP on clients and
servers. SPDY retains the semantics
of HTTP, allowing content to remain
unchanged on servers while adding request multiplexing and prioritization,
header compression, and server push
of resources. Since 2009, SPDY has undergone metamorphosis from press release written and distributed by Google
to production protocol implemented
by some of the highest-profile players
on the Web.
Figure 2 is a timeline of SPDY milestones, first appearing publicly in a
key insights
S PDY seeks to improve Web page
load times by making fewer round trips
to the server.
C lient-side browser support for SPDY
has grown rapidly since 2009, and SPDY
gateways offer a transition strategy that
does not rely on server-side support.
O pen SPDY gateways are an opportunity
for organizations to capitalize on the
behavioral browsing data they produce.
Im ag e by Vla ditto
d o i: 1 0 .1 1 4 5/ 2 38 0 65 6 .2 38 0 67 3
242
D. Rossi – RES224
5.2 SPDY (CACM’12)
contributed articles
Figure 1. SPDY gateway translates between SPDY-capable clients and conventional HTTP
servers.
situated on high-speed
Internet backbone
nytimes.com
HTTP
SPDY Gateway
HTTP
facebook.com
SPDY
HTTP
netflix.com
Figure 2. Timeline of SPDY-related development milestones.
Open-source iOS
SPDY client library
commissioned by
SPDY author
Mike Belshe
November 2009 post6 on the Google
Chromium blog (http://blog.chromium.org) describing the protocol as
“an early-stage research project,” part
of Google’s effort to “make the Web
faster.” By September 2010, SPDY
had been implemented in the stable
version of the Google Chrome browser,14 and by February 2011, Google
quietly flipped the server-side switch
on SPDY, using the protocol to serve
major services (such as Gmail, Maps,
and search) to Chrome and other
SPDY-enabled clients.4 In February
2011, the Android Honeycomb mobile Web browser received client-side
SPDY support, also with little publicity.13 In September 2011, Amazon announced its Kindle Fire tablet, along
with the Silk Web browser that speaks
SPDY to Amazon cloud servers.3 In
January 2012, Mike Belshe, SPDY coauthor, commissioned development
66
co mm un i cat i o n s o f th e ac m
01
2
ar
.2
.2
01
2
SPDY
implemented in
Mozilla Firefox
browser
Fe
b
01
1
Se
pt
.2
1
.2
01
Fe
b
0
.2
01
pt
Se
No
v.
2
00
9
SPDY
announced as
“early-stage
research
project”
Amazon
Google begins
announces
serving Search, Kindle Fire tablet
Gmail, Maps,
using SPDY
and other major between client
services over
SPDY
devices and
SPDY to
implemented
Amazon servers
in Google Chrome compatible
to accelerate
clients
browser
browsing
M
SPDY implemented
in Google Android
Honeycomb browser
of an open-source Apple iOS SPDY client library.20 In March 2012, Firefox
11 implemented the SPDY protocol,19
which, by June 2012, was enabled by
default in Firefox 13,22 bringing combined client-side support (Chrome +
Firefox) to approximately 50% of the
desktop browser market25 (see Figure
3). SPDY is currently an Internet Engineering Task Force (IETF) Internet
draft in its third revision.7
SPDY’s rapid client adoption is impressive, though server adoption lags
considerably. SPDY gateways offer a
promising transition strategy, bringing many of SPDY’s benefits to clients
without requiring server support.
The incentive for clients to use SPDY
gateways is simple: a faster and more
secure browsing experience; SPDY is
generally deployed over SSL for reasons discussed later. There are also
commercial incentives for companies
| dec emb er 2 0 12 | vo l . 5 5 | n o. 12
worldwide to deploy SPDY gateways
on the high-speed Internet. Contentdelivery networks have begun offering SPDY gateway services to Web
site owners as a means of accelerating the performance (as experienced
by users) of their HTTP Web sites.1,26
Vendors of mobile devices might deploy SPDY gateways to accelerate the
notoriously slow high-latency mobile
browsing experience, a marketable
feature. Even more intriguing are
the incentives for large Web companies to deploy open (publicly available) SPDY gateways to collect and
mine rich information about users’
Web-browsing behavior, a lucrative
commodity in the business of online
advertising. Interestingly, the SPDY
gateway’s ability to aggregate certain
critical resources may provide benefits above and beyond regular SPDY,
as described later.
SPDY Protocol
SPDY is designed primarily to address
performance inhibitors inherent in
HTTP, including HTTP’s poor support
for pipelining and prioritization, the
inability to send compressed headers,
and lack of resource push capabilities.
SPDY’s hallmark features—request
multiplexing/prioritization,
header
compression, and server push—are described in the following sections:
Request multiplexing and prioritization. SPDY multiplexes requests and responses over a single TCP connection
in independent streams, with request
multiplexing inspired by HTTP pipelining while removing several limitations. HTTP pipelining allows multiple
HTTP requests to be sent over a TCP
connection without waiting for corresponding responses (see Figure 4).
Though pipelining has been specified
since the 1999 HTTP 1.1 RFC,11 Opera
is the only browser that both implements the feature and enables it by default. Other major browsers either do
not implement pipelining or disable
pipelining by default, as compatibility
with older Web proxies and servers is
problematic. Besides a lack of widespread adoption, HTTP pipelining also
suffers from head-of-line blocking, as
the specification mandates resources
be returned in the order they are requested, meaning a large resource, or
one associated with a time-consuming
244
D. Rossi – RES224
contributed articles
though each involves certain shortcomings; for example, data URIs allow
inlining resources (such as images)
into the main HTML but are not cacheable and increase resource size by approximately 33%. Another technique,
Comet, opens a long-held connection
to the server8 through which arbitrary resources may be pushed but requires an additional initial round trip.
Bleeding-edge technologies (such as
Web Sockets28 and resource prefetching15,21) also enable push-like behavior
but, like Comet, require an additional
round trip to establish such behavior.
A universal limitation of current techniques is they break resource modu-
tionary based on a priori knowledge of
common HTTP headers.29
Server push. This advanced feature
of SPDY allows the server to initiate
resource transfer, rather than having
to wait until a corresponding client
request is received; Figure 8 outlines
a server using it to push a resource to
the client that would be requested imminently regardless. Server push saves
superfluous round trips by relying on
the server’s knowledge of resource dependencies to determine what should
be sent to the client.
Performance engineers have employed a range of techniques to try to
achieve push-like behavior over HTTP,
Figure 3. Global browser usage share, as recorded by StatCounter (http://gs.statcounter.
com/#browser-ww-monthly-201103-201202); in February 2012, Chrome had 29.84% and
Firefox 24.88%.
StatCounter Global Stats
Top five browsers, Feb. 2011 to Feb. 2012
IE
50%
Firefox
Chrome
Safari
Opera
Other (dotted)
40%
30%
20%
10%
12
2
11
01
20
Fe
b.
.2
Ja
n
1
01
20
De
c.
1
11
v.
2
No
20
01
.2
Oc
t.
20
11
20
11
Se
pt
Ju
ly
11
Ju
ly
Ju
M
ay
ne
20
20
11
11
20
ril
20
ch
ar
Ap
11
0%
M
back-end process, delays all other resources (see Figure 5).
SPDY implements pipelining without HTTP’s head-of-line blocking limitation. Resources transferred through
a SPDY connection are carried in annotated “streams,” or independent sequences of bidirectional data divided
into frames; annotated streams allow
SPDY to not only return resources in
any order but interleave resources over
a single TCP connection7 (see Figure 6).
SPDY also includes request prioritization, allowing the client to specify
that certain resources be returned with
a higher priority than others. Unlike
many quality-of-service mechanisms
that work on prioritizing packets in
queues at lower layers in the network
stack, SPDY prioritization works at the
application layer, designed to allow
the client to specify what is important.
One use of prioritization is to request
that resources that block progressive
page rendering (such as cascading
style sheets and JavaScript) be returned
with higher priority. Another use of prioritization is to increase the priority of
resources being downloaded for the
currently visible browser tab while decreasing priority of resources belonging to a currently loading but hidden
tab. A further implication of implementing priority at the application
layer is that a server can, at least theoretically, prioritize not only the order in
which resources are transmitted over
the wire but also the order in which resources are generated on the back-end
if the task is time intensive.
Header compression. HTTP requests
and responses all include a set of HTTP
headers that provide additional information about the request or response
(see Figure 7). There is significant redundancy in these headers across requests and responses; for example,
the “User-Agent” header describing
the user’s browser (such as Mozilla/5.0
compatible, MSIE 9.0, Windows NT
6.1, WOW64, and Trident/5.0 for Internet Explorer 9) is sent to the server
many times over. Likewise, cookie
headers, which describe state information about the client, are repeated
many times over across requests. Such
redundancy means HTTP headers tend
to compress relatively effectively. To
further improve compression, SPDY
seeds an out-of-band compression dic-
Figure 4. HTTP pipelining allows multiple concurrent requests, reducing the number of
round trips to the server.
no pipelining
client
pipelining
server
client
server
d ecem ber 2 012 | vo l. 55 | n o. 12 | com mu n icat ion s of t he acm
67
5.2 SPDY (CACM’12)
contributed articles
larity by inserting JavaScript, links, or
inlined content into the main HTML
document. SPDY push does not require modification of content to support push functionality.
SPDY Security
The SPDY protocol can be run over
either a secure (SSL encrypted) or insecure (non-encrypted) transport. In
practice, both philosophical views
Figure 5. Head-of-line blocking in HTTP pipelining; a large resource blocks subsequent
smaller resources (left), and a slow-to-generate resource blocks subsequent resources
(right).
client
server
client
server
RE
REQ A
REQ B
REQ C
RE
RE
backend
QA
QB
QC
loading A…
RES A
large
resource A
blocks
smaller
resource
B and C
SA
RE
SB
RE
RES B
SA
RE
SB
RE
RES C
SC
RE
A takes
a long time
to produce
blocking
B and C
SC
RE
Figure 6. Request multiplexing and prioritization in SPDY; resources are sent in chunks over
independent streams that can be interleaved and prioritized.
Client
Server
SYN stream 1
Priority 3
SYN stream 3
Priority 3
SYN reply 3
SYN reply 1
SYN stream 5
Priority 0
higher-priority
request
Data frame
[stream 1]
SYN reply 5
Data frame
[stream 5]
Data frame + fin
[stream 5]
Data frame
[stream 3]
Data frame + fin
[stream 1]
Data frame + fin
[stream 3]
68
co m m u ni cati o n s o f th e acm
Server can
respond in
any order
| dec emb er 2 0 12 | vo l . 5 5 | n o. 12
Server
interleaves
higher-priority
response frames
before completing
previous transfers
on the role of Web encryption and
pragmatism in handling real-world
deployment constraints have led to
primarily SSL-encrypted implementations. Mike Belshe, SPDY co-author,7 and Patrick McManus, principal SPDY implementer for Firefox,
have expressed their interest in seeing the Web transition to a “secure
by default” model.5,18 Proponents of
encrypted SPDY say SSL is no longer
computationally expensive16 and its
security benefits outweigh its communication overhead.
The pragmatic reason for deploying SPDY over SSL (port 443) rather
than HTTP (port 80) is that transparent HTTP proxies between the client
and the server handle HTTP upgrades
unreliably.13 Transparent HTTP proxies do not modify encrypted traffic on
SSL port 443 (as they do on port 80)
and so should not interfere with newer
protocols like SPDY. The rationale for
choosing port 443 over an arbitrary
port number is that port 443 appears to
traverse firewalls more effectively13 (see
Figure 9).
SPDY relies on the next-protocol negotiation (NPN)17 SSL extension to upgrade the SSL connection to the SPDY
protocol. NPN is currently an Internet
Engineering Task Force Internet Draft
and implemented in OpenSSL23; NPN
also allows negotiation of other competing future protocols. SSL implementations that do not currently support NPN simply ignore the request to
upgrade the protocol, retaining backward compatibility.
SPDY Performance
Only a handful of (publicly available)
studies quantitatively benchmark
SPDY against HTTP, all from the same
source—Google. Corroborating the
following results across different sites
represents important future work:
Google Chrome live A/B study. In
2011, Google benchmarked SPDY
against HTTP in real-life A/B tests
conducted through the Chrome
browser. From March 22 to April 5,
2011, Google configured “in the wild”
deployments of the Chrome 12 browser to randomly assign 95% of browser
instantiations to use SPDY for SPDYcapable sites; the other 5% of instantiations used HTTPS. Google researchers observed a 15.4% improvement in
246
D. Rossi – RES224
contributed articles
page-load time across browser instantiations using SPDY,13 though a caveat
was that domain names in the study
were neither recorded nor weighted.
Google itself is thought by Google developers to be the current dominant
consumer of server-side SPDY technology so is likely overrepresented
in these results. Google sites were, in
2011, already heavily optimized, suggesting the stated improvement was
likely conservative, though further
data is needed for confirmation.
Google’s second result from the
study was that (encrypted) SPDY is
faster than (unencrypted) HTTP for
Google’s AJAX search; Google researchers provided no further detail.
Google lab tests set one. Google performed a series of laboratory benchmarks of SPDY vs. HTTP under various
conditions, though unencrypted SPDY,
which would be expected to be faster
than encrypted SPDY, was compared
against HTTP, despite SPDY deployments being predominantly encrypted.
For simulated downloads of the top
45 pages on the Web (as recorded by
Alexa), Google in 2011 reported a 51%
reduction in uploaded bytes, 4% reduction in downloaded bytes, and 19%
reduction in total packets vs. HTTP.13
Uploaded bytes were significantly reduced due to SPDY’s header compression and the fact that HTTP headers
are amenable to strong compression.
Google reported that download bytes
were only marginally reduced, as most
downloaded content in its tests was
not headers and in many cases already
compressed. The reduction in total
packets is due to both a reduction in
overall bytes and the fact that SPDY
uses only a single connection, resulting in more “full” packets.
Google lab tests set two. A 2009
Google SPDY white paper14 described
simulated page-load time of SPDY
vs. HTTP for the Alexa top 25 Web
sites. The first test simulated SPDY
vs. HTTP with 1% packet loss over
simulated home-network connections. Unencrypted SPDY exhibited
27%–60% improvement in page-load
time, and encrypted (SSL) SPDY exhibited 39%–55% improvement in
page-load time. A second test determined how packet-loss affected SPDY
(unencrypted) vs. HTTP; at 0% packet
loss, SPDY was 11% faster, and at 2%
Figure 7. HTTP request and response with example headers; header keys (such as
“User-Agent”) and header values (such as a particular user agent string) are repeated
many times over on a typical connection so make good candidates for compression.
GET /pub/WWW/picture.jpg HTTP/1.1
Host: www.w3.org
…
Accept-Endcoding: gzip, deflate, sdch
User-agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2012 04:16:13 GMT
…
Server: Apache/2.2.3 (Red Hat)
Content-Type: image/jpeg
Figure 8. HTTP is unable to push resources to the client, even when it knows the client will
require them soon (left); SPDY server push allows the server to initiate the transfer of a
resource it believes the client will need soon (right).
Standard HTTP
SPDY Server
client
server
REQ e
xamp
ome
g
… <im …
html>
RES < anner.jpg" />
"b
=
rc
s
REQ e
xample
.com/b
anner.
jpg
jpg]
anner.
RES [b
server
REQ e
x
le.com
/h
Client
learns
it needs
banner.jpg
only after
parsing
html
client
packet loss SPDY was up to 47% faster.
A third test simulated SPDY vs. HTTP
as a function of round-trip time; for
example, for a 20ms round trip, SPDY
was 12% faster than HTTP, and for
a 200ms round trip, SPDY was 26%
faster; for a full exposition of these results, see Google.14
Questions on SPDY performance.
There is a conspicuous lack of results
describing how SPDY performs on
mobile devices. SPDY’s dominant performance improvements are due in
theory to reduced round trips between
client and server. Many mobile-carrier
technologies today exhibit latency several times that of their fixed-line and
Wi-Fi counterparts. By some projections, the majority of the developing
world will have its first Internet experi-
ample
[b
PUSH
.com/h
ome
jpg]
anner.
g
… <im tml>
/h
html>
RES < r.jpg" /> … <
e
n
an
src="b
Server
preempts
client’s
imminent
request for
banner.jpg
and pushes it,
removing
a round trip
ence through a mobile carrier, proliferating high-latency connections. In
theory, SPDY is ideally suited to these
high-latency mobile environments,
though real-world results are needed
for confirmation.
SPDY push-and-request prioritization is also underexplored. For push,
work is needed toward determining
how aggressive a server should preemptively push resources to the client.
For prioritization, no studies exist on
SPDY’s efficacy in tabbed browser environments where the currently visible
tab’s downloading resources could be
assigned higher priority.
SPDY Effect on TCP Connections
Though SPDY is an application-layer
protocol, it involves broader implica-
d ec ember 2 012 | vol. 55 | no. 12 | co mm un icat io ns o f t h e acm
69
5.2 SPDY (CACM’12)
contributed articles
tions and interesting interactions with
the TCP transport layer:
TCP connection proliferation in HTTP.
Prior to standardization of HTTP/1.1 in
1999, HTTP/1.0 permitted download-
ing only a single resource over a TCP
connection and only four concurrent
TCP connections to any given server.
HTTP/1.1 introduced persistent connections, allowing connection reuse
Figure 9. Real-world success rates of upgrading to newer protocols over various port
numbers, as measured by Google Chrome’s WebSocket team. Firewalls drop traffic on arbitrary new ports, and transparent proxies inhibit protocol upgrades over port 80.
86% of traffic works
dest-port 61985
firewalls can drop traffic
on arbitrary new ports
arbitrary new port
67% of traffic works
dest-port 80
standard HTTP port
transparent proxies often don’t
handle protocol upgrades correctly
95% of traffic works
dest-port 443
standard SSL port
SSL traverses
transparent proxies
unaltered
most firewalls
permit port 443
Figure 10. A SPDY gateway offers security between client and gateway regardless of the
security of the destination server.
SPDY
HTTP
Secure connection between
client and gateway, regardless
of destination server security
SPDY gateway to HTTP
server remains insecure
SPDY Gateway
unencrypted.com
plaintext.org
eavesdroppable.net
70
co m m un i cati o n s o f th e ac m
| d ec e mb er 2 01 2 | vo l . 5 5 | n o. 12
for multiple resources. HTTP/1.1 concomitantly reduced maximum concurrent TCP connections from four to two,
helping reduce server load and alleviate Internet congestion11 induced by
proliferation of short-lived TCP connections at the time. Unfortunately,
halving concurrent connections had
the adverse effect of reducing download parallelism. HTTP/1.1 envisaged
that the newly introduced HTTP pipelining would remedy the problem, but,
as described earlier, pipelining proved
difficult to implement and suffers from
head-of-line blocking, as in Figure 5.
Having only two concurrent connections creates a serious performance
bottleneck for modern high-speed
Internet connections and complex
Web sites. First, TCP slow-start, slowly
ramping up usable-connection bandwidth based on number of successfully received packets, is often overly
conservative in its initial bandwidth
allocation. Several round trips are
needed before the connection is saturated, by which time much of the content may have been downloaded already (at a slower-than-necessary rate).
Second, a typical modern Web page
encapsulates 10s or 100s of resources,
only two of which may be requested at
any given time. Without HTTP pipelining, requests cannot be queued on the
server, so each new request incurs an
additional round trip. Because most
Web resources are small, the roundtrip time to the server often dominates
over the time to receive the resource
from first to last byte.
Modern browsers break from the
HTTP/1.1 standard by allowing six or
more concurrent TCP connections
to a server. This allocation largely circumvents both previously outlined
problems—effective initial bandwidth
becoming TCP slow-start constant * 6
(rather than * 2) and fewer round trips
incurred due to higher request concurrency. A common practice among large
Web properties (such as Facebook,
Google, and Twitter) is to “shard”24 a
Web page’s resources across multiple
domains (such as img1.facebook,
img2.facebook, img3.facebook, and
img4.facebook) to subvert browser policy and obtain greater concurrency. In
a modern browser, a Web page sharded
across four domains can receive 4 * 6 =
24 concurrent TCP connections.
248
D. Rossi – RES224
contributed articles
TCP connection proliferation. Increasing concurrent connections
through browser policy and sharding
can improve page-load time but create
other problems. Though highly concurrent connections circumvent an overly
conservative slow start on a single TCP
connection, they may (in aggregate) exceed total available bandwidth, inducing packet loss. Moreover, the likelihood of losing a critical control packet
increases with the number of concurrent connections; for example, the TCP
SYN packet, which initiates a TCP connection, has a retransmission timeout
measured on the order of seconds if no
acknowledgment is received.
Highly concurrent TCP connections also decrease the likelihood of
fast retransmit being invoked under
packet loss. Fast retransmit is a TCP
enhancement that immediately resends a packet without waiting for
a fixed timeout delay if acknowledgments for several packets subsequent
to the lost packet are received. Highly concurrent connections obtain
less bandwidth individually than a
single long-lived connection and are
therefore less likely to receive and acknowledge enough packets in a short
enough duration to trigger fast re-
transmit. There is also less “body” in
each short-lived connection, increasing the likelihood that any packet loss
would occur near the end of a connection where too few acknowledgments
exist to trigger fast retransmit.
Finally, highly concurrent TCP connections create more connection states
to be maintained at various points in
the network, including at networkaddress-translation boxes, as well as
state binding processes to TCP port
numbers. In some instances, this state
can even cause poorly implemented
hardware and software to fail or misidentify the highly concurrent connection openings as a SYN flood (a type of
denial-of-service attack).10
SPDY elephant vs. HTTP mice. The
highly concurrent short-lived TCP flows
of modern HTTP fall into the category
of connections colloquially known as
“mice” flows. In contrast, SPDY is able
to use a single long-lived “elephant”
flow, as it can multiplex and prioritize
all requests over a single connection.
SPDY therefore retains the benefits of
highly concurrent HTTP connections,
without detrimental side effects.
A short-term disadvantage of SPDY’s single-connection approach is
inequitable TCP “backoff” compared
to competing applications still using
multiple TCP connections; for example, a backoff algorithm that responds
to packet loss by reducing the available
bandwidth of a connection by 50% will
likewise halve the total bandwidth
available to an application using a single SPDY TCP connection. The same
backoff algorithm applied to an application using 12 concurrent TCP connections would reduce the total available bandwidth to the application by
only 4% (1/24) of the connections. Connection proliferation should not be encouraged over the long term, though a
short-term mitigation strategy would
involve using a small number of concurrent SPDY connections. Long-term
research may look to address this issue
through smarter backoff algorithms
providing equitable treatment to applications, independent of the number of TCP connections.
Transitioning to SPDY
SPDY has been implemented in several
popular client browsers, most notably
Chrome and Firefox. Though server
support for SPDY continues to grow,
it has yet to reach the maturity and
adoption of client implementations.
SPDY gateways are one way to acceler-
Figure 11. A client can delegate DNS lookup to a SPDY gateway, helping minimize round trips.
No SPDY Gateway
client
With SPDY Gateway
DNS name server
transla
te exa
mple.c
om
3.10
192.0.4
.com is
le
p
m
a
ex
client
Client sends
request
without
translating
domain name
GET e
x
SPDY gateway
ample
.c
om/ho
m
GE
Te
xam
ple
.co
m/
ho
me
K
transla
te exa
mple.c
om
0
.0.43.1
is 192
le.com
examp
example.com
(192.0.43.10)
GET e
xamp
le.com
/home
example.com
(192.0.43.10)
0O
20
e
DNS name server
K
200 O
0
20
OK
d ecem be r 20 12 | vo l. 55 | n o. 12 | com mu n ic at ion s of t he ac m
71
5.2 SPDY (CACM’12)
contributed articles
ate SPDY adoption, providing many
SPDY performance and security advantages without requiring SPDY support
on the server. A SPDY gateway is an
explicit proxy that translates between
SPDY-enabled clients and HTTP-only
servers. By situating such a gateway on
the high-speed Internet, SPDY is used
over the slow “last mile” link between
the client and the Internet core. The
HTTP portion of the connection is in
turn isolated to the very-low-latency,
very-high-bandwidth link between the
gateway and the server, largely mitigating HTTP’s dominant performance
inhibitors. In addition to providing a
practical, viable SPDY transition solution, SPDY gateways also offer several
performance-enhancing features:
Secure connection to gateway, regardless of server-side SSL support. Because
SPDY operates over SSL, the client-togateway connection is secure, regardless of whether SSL is supported on
the destination server (see Figure 10).
Though the gateway-to-server connection could remain insecure, clients are
protected from common attacks (such
as eavesdropping on insecure Wi-Fi access points).
Single client-side connection across
all domains. As described earlier,
SPDY request multiplexing results in
dramatically fewer TCP connections
than HTTP browsers in use today.
However, clients still require at least
one new TCP connection for each new
server they contact. A SPDY gateway
can achieve even greater efficiency
than regular SPDY by multiplexing all
of a client’s requests to the gateway
over a single TCP connection covering
all servers.
A SPDY gateway might still create
multiple connections to a given HTTP
server to emulate pipelining and avoid
head-of-line blocking but isolate these
connections to the high-speed/lowlatency Internet core. A SPDY gateway
may also retain a small pool of TCP
connections to popular servers, allowing new client requests to be forwarded
immediately without incurring a new
TCP connection handshake or slowstart “warm-up.” Likewise, the client
needs to perform a single TCP connection handshake only with the gateway
and go through the slow-start warm-up
only once (as opposed to every time a
new server is contacted).
72
co m m u ni cati o ns o f t he ac m
Aside from offering
faster browsing
as a selling point,
Amazon and other
potential vendors
are likely interested
in the data mining
and advertising
opportunities
that come with
controlling
the gateway.
| d ec em ber 2 0 1 2 | vo l . 55 | n o. 1 2
Delegated DNS lookup. This performance enhancement specific to SPDY
gateways entails the gateway performing DNS translations from domain
names to server IP addresses on behalf
of the client, allowing the client to immediately send a request for a resource
to the gateway without knowing the
IP address of the server on which it
is hosted (see Figure 11). Being situated on the high-speed Internet, the
gateway is better positioned to quickly
translate the domain name to an IP address; moreover, a gateway that serves
a large number of users can cache the
IP addresses of popular domains.
Intelligent push. A SPDY gateway
can exploit its large user base to infer
resource dependencies, even across
domains. A regular SPDY-capable
server has a limited view of a user’s
browsing behavior, isolated to the
server itself. A gateway sees a user’s
requests for all servers so it can infer
complex patterns of cross-domain
navigation; for example, the gateway
could determine that 95% of users issuing a Google search query for “Twitter” proceed to twitter.com, and, given
this knowledge, the gateway then preemptively pushes resources from the
twitter.com homepage to the user.
In 2011, Amazon reported the Silk
browser on the Kindle Fire tablet already performed intelligent push of
this nature, called by Amazon “predictive rendering.”2
Caching. Like a transparent proxy,
a SPDY gateway can cache resources
such that subsequent requests for the
same resource are served without contacting the origin server.
SPDY gateways, a permanent fixture?
This description of SPDY gateways
highlights that in some respects gateways offer more attractive features than
SPDY directly between clients and servers, including four notable functions:
further reduction in TCP connections
over the last mile; pre-warming of TCP
connections; delegation of DNS translations to the fast Internet core; and
intelligent push and resource caching.
We suggest that gateways may have
a persistent role on the Web, beyond
mere transition strategy.
Future SPDY Gateways
Several companies have deployed
large SPDY gateways. Perhaps most
250
D. Rossi – RES224
contributed articles
notable is the gateway used by the default Silk browser on the Amazon Kindle
Fire tablet2; Silk proxies much of a
user’s Web traffic through an Amazon
SPDY gateway deployed on the Amazon Web Services cloud infrastructure.
Other examples are content-deliverynetwork/Web-acceleration providers
Contendo1 and Strangeloop,26 both
offering SPDY gateways as a service to
HTTP content providers.
Device-specific SPDY gateways. Amazon’s decision to couple the Kindle
Fire Silk browser to its own proprietary SPDY-based gateway begs the
question: Could, and will, other major
providers do the same? Could there
be, say, an Apple SPDY gateway for
iPhones and iPads or a Google SPDY
gateway for Android devices in the future? Could such gateways be in the
works already? The potential performance advantage of SPDY gateways
is particularly intriguing on such resource-constrained mobile devices.
The controlled “appliancized” nature
of the devices and their operating
systems would also simplify vendor
implementation. Aside from offering faster browsing as a selling point,
Amazon and other potential vendors
are likely interested in the data mining and advertising opportunities that
come with controlling the gateway.
Open SPDY gateways. Beyond device-specific gateways lies uncharted
though potentially lucrative territory—open SPDY gateways—that, like
an open proxy, are usable by anyone,
independent of device or platform.
Major Web companies have demonstrated that free and universal services
can be made profitable through related targeted advertising opportunities.
So, could SPDY gateways be turned
into another free, universal service
rendered profitable through bettertargeted advertising?
A limitation Web advertisers face
today is a restricted view of user activity on domains beyond their direct control. A SPDY gateway provides a vantage point from which to observe all
of a user’s Web activity, not just on domains under the advertiser’s control.
Major Web companies like Facebook
and Google track users across the Web
on third-party sites through partner
advertising scripts and other embeddable features (such as the “Like” but-
ton), but the picture is incomplete.
An open SPDY gateway would provide
advertisers missing pieces from the
browsing-behavior puzzle that could
be fed back into targeted-advertising
algorithms. While much the same
could be done using device-specific
SPDY gateways, an open SPDY gateway would provide insight into a much
larger user population. Interesting to
consider therefore is whether SPDY
gateways (much like search) could
become a universal service accessible
through a broad range of devices.
Conclusion
SPDY is a high-performance application-layer protocol and potential
successor to HTTP. Clients have been
quick to adopt it, though server implementations lag. SPDY gateways are
helping accelerate SPDY adoption by
removing the need for SPDY support
on the server. A range of compelling
incentives exists for deploying SPDY
gateways that are only beginning to
be explored. Beyond just a transition
strategy, SPDY gateways have performance characteristics that make
them attractive for longer-term use.
Whether such long-term advantages
compared to SPDY support on the
server are substantial enough to warrant retaining SPDY gateways is an
open question.
Acknowledgments
This work is supported in part by an
Australian Government Australian
Postgraduate Awards scholarship and
Commonwealth Scientific and Industrial Research Organisation Office of
the Chief Executive scholarship. The
authors would also like to thank the
anonymous reviewers for their valuable comments and suggestions. References
1.Akamai. Akamai Acquires Contendo. Press Release,
Mar. 2012; http://www.akamai.com/cotendo
2. Amazon. Amazon Silk FAQs; http://www.amazon.com/
gp/help/customer/display.html/?nodeId=200775440
3. Amazon. Introducing Amazon Silk; http://amazonsilk.
wordpress.com/2011/09/28/introducing-amazon-silk
4. Belshe, M. SPDY on Google servers?
Jan. 2011; https://groups.google.com/
forum/?fromgroups#!searchin/spdy-dev/SPDY$20on$
20Google$20servers?$20/spdy-dev/TCOW7Lw2scQ/
INuev2A-ixAJ
5. Belshe, M. SSL: It’s a matter of life and death. Mike’s
Lookout blog, May 28, 2011; http://www.belshe.
com/2011/05/28/ssl-its-a-matter-of-life-and-death/
6. Belshe, M. and Peon, R. A 2x faster Web. The
Chromium Blog, Nov. 11, 2009; http://blog.chromium.
org/2009/11/2x-faster-web.html
7. Belshe, M. and Peon, R. SPDY Protocol. Chromium
Projects, Feb. 2012; http://dev.chromium.org/spdy/
spdy-protocol/spdy-protocol-draft3
8. Bozdag, E., Mesbah, A., and van Duersen, A. A
comparison of push and pull techniques for AJAX
in Web site evolution. In Proceedings of the Ninth
IEEE International Workshop (Paris, Oct. 5–6). IEEE
Computer Society, Washington, D.C., 2007, 15–22.
9. Brutlag, J. Speed Matters for Google Web Search.
Technical Report, 2009; http://services.google.com/fh/
files/blogs/google_delayexp.pdf
10. Eddy, W. TCP SYN Flooding Attacks and Common
Mitigations. Internet Engineering Task Force, Aug.
2007; http://tools.ietf.org/html/rfc4987
11. Fielding, R. et al. Hypertext Transfer Protocol—
HTTP/1.1: Connections. World Wide Web Consortium,
June 1999; http://www.w3.org/Protocols/rfc2616/
rfc2616-sec8.html
12.Google Inc. mod-spdy: Apache SPDY module. May
2012; http://code.google.com/p/mod-spdy/
13.Google Inc. SPDY essentials. Dec. 2011; http://www.
youtube.com/watch?feature=player_detailpage&v=T
NBkxA313kk#t=2179s
14.Google Inc. The Chromium Projects. SPDY: An
Experimental Protocol for a Faster Web. White
Paper, 2009; http://www.chromium.org/spdy/spdywhitepaper
15. Komoroske, A. Prerendering in Chrome. The
Chromium Blog, June 2011; http://blog.chromium.
org/2011/06/prerendering-in-chrome.html
16. Langley, A. Overclocking SSL. Imperial Violet
Blog, June 25, 2010; http://www.imperialviolet.
org/2010/06/25/overclocking-ssl.html
17. Langley, A. Transport Layer Security Next Protocol
Negotiation Extension. Internet Engineering Task
Force, Mar. 30, 2011; http://tools.ietf.org/html/draftagl-tls-nextprotoneg-02
18.McManus, P. Maturing Web transport protocols with
SPDY and friends. Video of SPDY Talk at Codebits.
eu, Nov. 2011; http://bitsup.blogspot.com.au/2011/11/
video-of-spdy-talk-at-codebitseu.html
19.McManus, P. SPDY brings responsive and scalable
transport to Firefox 11. Mozilla Hacks blog, Feb.
2012; http://hacks.mozilla.org/2012/02/spdy-bringsresponsive-and-scalable-transport-to-firefox-11/
20.Morrison, J. SPDY for iPhone. GitHub, Inc., Jan. 2012;
https://github.com/sorced-jim/SPDY-for-iPhone
21.Mozilla Developer Network. Link prefetching FAQ.
Mar. 2003; https://developer.mozilla.org/en/Link_
prefetching_FAQ
22. Nyman, R. Firefox Aurora 13 is out—SPDY on by
default and a list of other improvements. Mar. 19,
2012; http://hacks.mozilla.org/2012/03/firefox-aurora13-is-out-spdy-on-by-default-and-a-list-of-otherimprovements/
23. OpenSSL. OpenSSL Cryptography and SSL/TLS
Toolkit. Mar. 2012; http://www.openssl.org/news/
changelog.html
24. Souders, S. Sharding dominant domains. Steve
Souders blog, May 12, 2009; http://www.stevesouders.
com/blog/2009/05/12/sharding-dominant-domains/
25. StatCounter. StatCounter GlobalStats, Feb.
2012; http://gs.statcounter.com/#browser-wwmonthly-201102-201202
26. Strangeloop Networks. Strangeloop. Mar. 2012; http://
www.strangeloopnetworks.com/products/overview/
27. The Chromium Projects. SPDY, Mar. 2012; http://dev.
chromium.org/spdy
28. World Wide Web Consortium. The WebSocket API:
Editor’s Draft 29 August 2012; http://dev.w3.org/
html5/websockets/
29. Yang, F., Amer, P., Leighton, J., and Belshe, M. A
Methodology to Derive SPDY’s Initial Dictionary for
Zlib Compression. University of Delaware, Newark, DE,
2012; http://www.eecis.udel.edu/~amer/PEL/poc/pdf/
SPDY-Fan.pdf
Bryce Thomas (bryce.m.thomas@gmail.com) is a Ph.D.
candidate in the Discipline of Information Technology at
James Cook University, Townsville, Queensland, Australia.
Raja Jurdak (raja.jurdak@csiro.au) is a researcher in
the Commonwealth Scientific and Industrial Research
Organisation and a professor in the University of
Queensland, Brisbane, Australia.
Ian Atkinson (ian.atkinson@jcu.edu.au) is a professor
and director of the eResearch Centre of James Cook
University, Townsville, Queensland, Australia.
© 2012 ACM 0001-0782/12/12
dece mber 2 012 | vo l. 55 | no. 12 | com mu n ication s o f t h e ac m
73
5.3 SPDY (CoNEXT’13)
Towards a SPDY’ier Mobile Web?
Jeffrey Erman, Vijay Gopalakrishnan, Rittwik Jana, K.K. Ramakrishnan
AT&T Labs – Research
One AT&T Way, Bedminster, NJ, 07921
{erman,gvijay,rjana,kkrama}@research.att.com
ABSTRACT
spite the plethora of ‘apps’, web access remains one of the
most important uses of the mobile internet. It is therefore
critical that the performance of the cellular data network be
tuned optimally for mobile web access.
The Hypertext Transfer Protocol (HTTP) is the key building block of the web. Its simplicity and widespread support
has catapulted it into being adopted as the nearly ‘universal’ application protocol, such that it is being considered
the narrow waist of the future internet [11]. Yet, despite its
success, HTTP suffers from fundamental limitations, many
of which arise from the use of TCP as its transport layer
protocol. It is well-established that TCP works best if a
session is long lived and/or exchanges a lot of data. This is
because TCP gradually ramps up the load and takes time
to adjust to the available network capacity. Since HTTP
connections are typically short and exchange small objects,
TCP does not have sufficient time to utilize the full network capacity. This is particularly exacerbated in cellular
networks where high latencies (hundreds of milliseconds are
not unheard off [18]) and packet loss in the radio access network is common. These are widely known to be factors that
impair TCP’s performance.
SPDY [7] is a recently proposed protocol aimed at addressing many of the inefficiencies with HTTP. SPDY uses
fewer TCP connections by opening one connection per domain. Multiple data streams are multiplexed over this single
TCP connection for efficiency. SPDY supports multiple outstanding requests from the client over a single connection.
SDPY servers transfer higher priority resources faster than
low priority resources. Finally, by using header compression,
SPDY reduces the amount of redundant header information
each time a new page is requested. Experiments show that
SPDY reduces page load time by as much as 64% on wired
networks and estimate as much as 23% improvement on cellular networks (based on an emulation using Dummynet) [7].
In this paper, we perform a detailed and systematic measurement study on real-world production cellular networks
to understand the benefits of using SPDY. Since most websites do not support SPDY – only about 0.9% of all websites use SPDY [15] – we deployed a SPDY proxy that functions as an intermediary between the mobile devices and web
servers. We ran detailed field measurements using 20 popular web pages. These were performed across a four month
span to account for the variability in the production cellular
network. Each of the measurements was instrumented and
set up to account for and minimize factors that can bias the
results (e.g., cellular handoffs).
Despite its widespread adoption and popularity, the Hypertext Transfer Protocol (HTTP) suffers from fundamental
performance limitations. SPDY, a recently proposed alternative to HTTP, tries to address many of the limitations
of HTTP (e.g., multiple connections, setup latency). With
cellular networks fast becoming the communication channel of choice, we perform a detailed measurement study to
understand the benefits of using SPDY over cellular networks. Through careful measurements conducted over four
months, we provide a detailed analysis of the performance
of HTTP and SPDY, how they interact with the various
layers, and their implications on web design. Our results
show that unlike in wired and 802.11 networks, SPDY does
not clearly outperform HTTP over cellular networks. We
identify, as the underlying cause, a lack of harmony between
how TCP and cellular networks interact. In particular, the
performance of most TCP implementations is impacted by
their implicit assumption that the network round-trip latency does not change after an idle period, which is typically not the case in cellular networks. This causes spurious
retransmissions and degraded throughput for both HTTP
and SPDY. We conclude that a viable solution has to account for these unique cross-layer dependencies to achieve
improved performance over cellular networks.
Categories and Subject Descriptors
C.2.2 [Computer-Communication Networks]: Network
Protocols—Applications; C.4 [Performance of Systems]:
Measurement techniques
Keywords
SPDY, Cellular Networks, Mobile Web
1.
INTRODUCTION
As the speed and availability of cellular networks grows,
they are rapidly becoming the access network of choice. DePermission to make digital or hard copies of all or part of this work for personal or
classroom use is granted without fee provided that copies are not made or distributed
for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than
ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission
and/or a fee. Request permissions from permissions@acm.org.
CoNEXT’13, December 9–12, 2013, Santa Barbara, California, USA.
Copyright 2013 ACM 978-1-4503-2101-3/13/12 ...$15.00.
http://dx.doi.org/10.1145/2535372.2535399.
303
252
D. Rossi – RES224
Our main observation from the experiments is that, unlike
in wired and 802.11 WiFi networks, SPDY does not outperform HTTP. Most importantly, we see that the interaction
between TCP and the cellular network has the most impact
on performance. We uncover a fundamental flaw in TCP
implementations where they do not account for the high
variability in the latency when the radio transitions from
idle to active. Such latency variability is common in cellular
networks due to the use of a radio resource state machine.
The TCP Round-Trip Time (RTT) estimate and thus the
time out value is incorrect (significantly under-estimated)
after an idle period, triggering spurious retransmissions and
thus lower throughput.
The TCP connection and the cellular radio connection for
the end-device becomes idle because of users’ web browsing patterns (with a “think time” between pages [9]) and
how websites exchange data. Since SPDY uses a single long
lived connection, the TCP parameter settings at the end of
a download from one web site is carried over to the next site
accessed by the user. HTTP is less affected by this because
of its use of parallel connections (isolates impact to a subset
of active connections) and because the connections are short
lived (isolates impact going across web sites). We make the
case that a viable solution has to account for these unique
cross-layer dependencies to achieve improved performance
of both HTTP and SPDY over a cellular network.
The main contributions of this paper include:
With the original versions of HTTP, a single object was
downloaded per connection. HTTP version 1.1 introduced
the notion of persistent connections that have the ability to
reuse established TCP connections for subsequent requests
and the concept of pipelining. With persistence, objects are
requested sequentially over a connection as shown in Figure 1(b). Objects are not requested until the previous response has completed. However, this introduces the problem
of head-of-line (HOL) blocking where subsequent requests
get significantly delayed in waiting for the current response
to come back. Browsers attempt to minimize the impact of
HOL blocking by opening multiple concurrent connections
to each domain — most browsers today use six parallel connections — with an upper limit on the number of active
connections across all domains.
With pipelining, multiple HTTP requests can be sent to
a server together without waiting for the corresponding responses as shown in Figure 1(c). The client then waits for
the responses to arrive in the order in which they were requested. Pipelining can improve page load times dramatically. However, since the server is required to send its responses in the same order that the requests were received,
HOL blocking can still occur with pipelining. Some mobile
browsers have only recently started supporting pipelining.
2.2
• We conduct a systematic and detailed study over more
than four months on the performance of HTTP and
SPDY. We show that SPDY and HTTP perform similarly over cellular networks.
• We show that the interaction between the cellular network and TCP needs further optimization. In particular, we show that the RTT estimate, and thus the
retransmission time-out computation in TCP is incongruous with how the cellular network radio state machine functions.
• We also show that the design of web sites, where data
is requested periodically, also triggers TCP timeouts.
We also show that there exist dependencies in web
pages today that prevent the browser from fully utilizing SPDY’s capabilities.
2.
BACKGROUND
We present a brief background on how HTTP and SPDY
protocols work in this section. We use the example in Figure 1 to aid our description.
2.1
The SPDY Protocol
Even though HTTP is widely adopted and used today, it
suffers from several shortcomings (e.g., sequential requests,
HOL blocking, short-lived connections, lack of server initiated data exchange, etc.) that impact web performance,
especially on the cellular network.
SPDY [7] is a recently proposed application-layer protocol
for transporting content over the web with the objective
of minimizing latency. The protocol works by opening one
TCP connection per domain (or just one connection if going
via a proxy). SPDY then allows for unlimited concurrent
streams over this single TCP connection. Because requests
are interleaved on a single connection, the efficiency of TCP
is much higher: fewer network connections need to be made,
and fewer, but more densely packed, packets are issued.
SPDY implements request priorities to get around one object request choking up the connection. This is described in
Figure 1(d). After downloading the main page, and identifying the objects on the page, the client requests all four
objects in quick succession, but marks objects 3 and 4 to be
of higher priority. As a result, server transfers these objects
first thereby preventing the connection from being congested
with non-critical resources (objects 2 and 5) when high priority requests are pending. SPDY also allows for multiple
responses to be transferred as part of the same packet (e.g.
objects 2 and 5 in Figure 1(d)) can fit in a single response
packet can be served altogether. Finally, SPDY compresses
request and response HTTP headers and Server-initiated
data exchange. All of these optimizations have shown to
yield up to 64% reduction in page load times with SPDY [7].
The HTTP Protocol
The Hypertext Transfer Protocol (HTTP) is a stateless,
application-layer protocol for transmitting web documents.
It uses TCP as its underlying transport protocol. Figure 1(a)
shows an example web page which consists of the main
HTML page and four objects referred in that page. When
requesting the document, a browser goes through the typical TCP 3-Way handshake as depicted in Figures 1(b) and
(c). Upon receiving the main document, the browser parses
the document and identifies the next set of objects needed
for displaying the page. In this example there are four more
objects that need to be downloaded.
3. EXPERIMENTAL SETUP
We conducted detailed experiments comparing the performance of HTTP and SPDY on the 3G network of a commercial, production US cellular provider over a four month
period in 2013.
Figure 2 provides an overview of our test setup. Clients
in our setup connect over the cellular network using HTTP
304
5.3 SPDY (CoNEXT’13)
Client
Client
Server
2
SYN-AC
ACK
GET 1
GET 2
2
4
GET
GET
GET
GET
5
2
3
4
5
Server
SYN
K
SYN-AC
ACK
SSL / SP
DY Setu
p
SYN-AC
ACK
1
1
3
1
Client
K
K
GET 1
Server
SYN
SYN
GET 1
1
2
3
4
5
GET
GET
GET
GET
2
3
4
5
3
4
2 5
GET 5
5
(a) Example Web Page
(c) HTTP w/ Pipelining
(b) HTTP Persistent Conn.
(d) SPDY
Figure 1: Example showing how HTTP and SPDY work.
Test
Server
Cellular
Network
traversing a SPDY proxy. Depending on the experiment, we
explicitly configured Chrome to use either the HTTP or the
SPDY proxy. When using a HTTP proxy, Chrome opens
up to 6 parallel TCP connections to the proxy per domain,
with a maximum of 32 active TCP connections across all
domains. With SPDY, Chrome opens one SSL-encrypted
TCP connection and re-uses this connection to fetch web
objects. The connection is kept persistent and requests for
different websites re-use the connection.
Test Location: Cellular experiments are sensitive to a
lot of factors, such as signal strength, location of the device in a cell, the cell tower’s backhaul capacity, load on the
cell tower, etc. For example, a device at a cell edge may frequently get handed-off between towers, thereby contributing
to added delays. To mitigate such effects, we identified a cell
tower that had sufficient backhaul capacity and had minimal interference from other cell sites. For most of our experiments, we chose a physical location with an unobstructed
view of the tower and received a strong signal (between 47 and -52 dBm). We configured the 3G modem to remain
connected to that base station at that sector on a particular
channel frequency and used a diagnostic tool to monitor the
channel on that sector.
Proxies Used: We used a virtual machine running Linux
in a compute cloud on the east coast of US to host our proxies. At the time of our experiments, there were no proxy
implementations that supported both HTTP and SPDY.
Hence we chose implementations that are purported to be
widely used and the most competent implementations for
the corresponding protocols. We used Squid [2] (v3.1) as
our HTTP proxy. Squid supports persistent connections to
both the client and the server. However, it only supports a
rudimentary form of pipelining. For this reason, we did not
run experiments of HTTP with pipelining turned on. Our
comparisons are restricted to HTTP with multiple persistent
connections. For SPDY, we used a SPDY server built by
Google and made available as part of the Chromium source
tree. This server was used in the comparison [7] of SPDY
and HTTP and has since had extensions built in to support
proxying.1 We ran tcpdump to capture network level packet
traces and tcp-probe kernel module to capture TCP congestion window values from the proxy to the mobile device.
Internet
SPDY HTTP
Proxy Proxy
Cloud
Figure 2: Our test setup
or SPDY to proxies that support that corresponding protocol. These proxies then use persistent HTTP to connect to
the different web servers and fetch requested objects. We
run a SPDY and an HTTP proxy on the same machine
for a fair comparison. We use a proxy as an intermediary for two reasons: (a) We necessarily could not compare
SPDY and HTTP directly. There are relatively few web
sites that support SPDY. Moreover, a web server running
SPDY would not support HTTP and vice versa. Thus, we
would be evaluating connections to different servers which
could affect our results (depending on their load, number
of objects served, etc). (b) Most cellular operators in the
US already use HTTP proxies to improve web performance.
Running a SPDY proxy would allow operators to support
SPDY over the cellular network even if the web sites do not.
Test Devices: We use laptops running Windows 7 and
equipped with 3G (UMTS) USB cards as our client devices.
We ran experiments with multiple laptops simultaneously
accessing the test web sites to study the effect of multiple
users loading the network. There are several reasons we use
a laptop for our experiments. First, tablets and cellularequipped laptops are on the rise. These devices request
the regular web pages unlike smart phones. Second, and
more importantly, we wanted to eliminate the effects of a
slow processor as that could affect our results. For example,
studies [16] have shown that HTML, Javascript, and CSS
processing and rendering can delay the request of required
objects and significantly affect the overall page load time.
Finally, it has been observed [13] that having a slow processor increases the number of zero window advertisements,
which significantly affects throughput.
Test Client: We used a default installation of the Google
Chrome browser (ver 23.0) as the test client, as it supported
1
We also tested performance with a SOCKS proxy, but
found the results to be worse than both HTTP and SPDY.
305
254
D. Rossi – RES224
Total
Objs
134.8
160.6
143.8
121.6
45.2
163.4
115.8
157.7
5.1
59.3
122.1
29.4
63.4
167.8
323
267.1
218.5
33.6
68.7
163.2
Avg.
Size
(KB)
626.9
2197.3
1563.1
963.3
602.8
1594.5
1130.6
1184.5
56.2
719.7
1489.1
688.0
895.1
1130.5
1722.7
2311.0
4691.3
1664.8
2908.9
1653.8
Avg.
No. of
Domains
37.6
36.3
15.8
27.5
3.0
13.2
28.5
27.3
2.0
17.9
17.9
4.0
9.0
12.5
84.7
75.0
37.0
9.1
15.5
48.7
Avg.
Text
Objs
28.6
16.5
13.3
9.6
2.0
13.2
9.1
29.6
3.1
6.8
24.1
2.3
4.1
19.5
73.4
60.3
19.0
3.3
5.2
19.7
Avg.
JS/
CSS
41.3
28.0
36.8
18.3
18.0
36.4
49.5
28.3
2.0
7.0
21.0
10.0
15.0
94.0
73.6
56.9
56.3
6.7
23.8
45.3
Table 1: Characteristics of tested websites.
numbers are averaged across runs.
Avg.
Imgs/
Other
64.9
116.1
93.7
93.7
25.2
113.8
57.2
99.8
0.0
45.5
77.0
17.1
44.3
54.3
176.0
149.9
143.2
23.6
39.7
98.2
60000
40000
30000
20000
10000
0
1
2
3
4
5
6
7
8
9 10 11 12 13 14 15 16 17 18 19 20
Test Website
Figure 3: Page Load Time for different web sites
with HTTP and SPDY.
The
axis shows the different websites we tested; the y-axis is the
page load time in milliseconds. For each website, the (red)
box on the left shows the page load times for HTTP, while
the (blue) box on the right shows the times for SPDY. The
box plot gives the standard metrics: the 25 percentile, the 75
percentile and the black notch in the box is the median value.
The top and bottom of the whiskers shows the maximum
and minimum values respectively. Finally, the circle in these
boxes shows the mean page load time across all the runs.
The results from Figure 3, interestingly, do not show a
convincing winner between HTTP and SPDY. For some
sites, the page load time with SPDY is lower (e.g., 3, 7),
while for others HTTP performs better (e.g., 1, 4). But for
a large number of sites there isn’t a significant difference.2
This is in sharp contrast to existing results on SPDY where
it has been shown to have between 27-60% improvement [7].
Importantly, previous results have shown an average of 23%
reduction over emulated cellular networks [17].
Web Pages Requested: We identified the top web sites
visited by mobile users to run our tests (in the top Alexa
sites). Of these, we eliminated web sites that are primarily landing pages (e.g., Facebook login page) and picked the
remaining 20 most requested pages. These 20 web pages
have a good mix of news websites, online shopping and auction sites, photo and video sharing as well as professionally
developed websites of large corporations. We preferred the
“full” site instead of the mobile versions keeping in mind the
increasing proliferation of tablets and large screen smartphones. These websites contain anywhere from 5 to 323
objects, including the home page. The objects in these sites
were spread across 3 to 84 domains. Each web site had
HTML pages, Javascript objects, CSS and images. We tabulate important aspects of these web sites in Table 1.
Test Execution: We used a custom client that talks to
Chrome via the remote debugging interface and got Chrome
to load the test web pages. We generated a random order
in which to visit the 20 web sites and used that same order
across all experiments. Each website was requested 60 seconds apart. The page may take much shorter time to load;
in that case the system would be idle until the 60 second
window elapsed. We chose 60 seconds both to allow for web
pages to load completely and to reflect a nominal think time
that users take between requests.
We used page load time as the main metric to monitor
performance. Page load time is defined as the time it takes
the browser to download and process all the objects associated with a web page. Most browsers fire a javascript event
(onLoad()) when the page is loaded. The remote debugging
interface provided us the time to download the different objects in a web page. We alternated our test runs between
HTTP and SPDY to ensure that temporal factors do not
affect our results. We ran each experiment multiple times
during the typically quiet periods (e.g., 12 AM to 6 AM) to
mitigate effects of other users using the base station.
4.
HTTP
SPDY
50000
Page Load Time (in msec)
Website
Finance
Entertainment
Shopping
Portal
Technology
ISP
News
News
Shopping
Auction
Online Radio
Photo Sharing
Technology
Baseball
News
Football
News
Photo Sharing
Online Radio
Weather
4.0.1 Performance over 802.11 Wireless Networks
As a first step in explaining the result in Figure 3, we
wanted to ensure that the result was not an artifact of our
test setup or the proxies used. Hence, we ran the same experiments using the same setup, but over an 802.11g wireless
network connected to the Internet via a typical residential
broadband connection (15 Mbps down/ 2 Mbps up).
Figure 4 shows the average page load times and the 95%
confidence intervals. Like previous results [7], this result also
shows that SPDY performs better than HTTP consistently
with page load time improvements ranging from 4% for website 4 to 56% for website 9 (ignoring website 2). Since the
only difference between the two tests is the access network,
we conclude that our results in Figure 3 is a consequence of
how the protocols operate over the cellular network.
5. UNDERSTANDING THE CROSS-LAYER
INTERACTIONS
We look at the different components of the application and
the protocols that can affect performance. In the process we
EXPERIMENTAL RESULTS
We first compare the performance of SPDY and HTTP
using data collected from a week’s worth of experiments.
Since there was a lot of variability in the page load times,
we use a box plot to present the results in Figure 3. The x-
2
HTTP seems to perform quite poorly with site 2. Upon
investigation, we found that the browser would occasionally
stall on this site. These stalls happened more often with
HTTP than with SPDY resulting in increased times.
306
5.3 SPDY (CoNEXT’13)
14000
12000
10000
8000
6000
4000
2000
0
0
5
10
15
20
SPDY Wait
SPDY Recv
3000
2500
2000
1500
1000
500
0
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Web Site
Website
Figure 4:
Average Page Load Time over an
802.11g/Broadband network.
Figure 5: Split of average download times of objects
by constituent components.
observe that there are significant interdependencies between
the different layers (from browser behavior and web page
design, to TCP protocol implementations, to the intricacies
of the cellular network) that affect overall performance.
5.1
HTTP Recv
SPDY Init
SPDY Send
16000
Average Object Time (in msec)
Page Load Time (in msec)
HTTP Init
HTTP Send
HTTP Wait
HTTP
SPDY
18000
the proxy catches up in serving the requests to the client.
Figure 7 discussed in the next section shows this behavior.
5.2
Object download times
Web Page design and object requests
We now look at when different objects for a website are
requested by the browser. One of the performance enhancements SPDY allows is for all objects to be requested in parallel without waiting for the response of outstanding objects.
In contrast, HTTP has only one outstanding request per
TCP connection unless pipelining is enabled.
We plot the request time (i.e., the time the browser sends
out a request) for both HTTP and SPDY for four websites
(due to space considerations) in Figure 6. Two of these
are news websites and two contain a number of photos and
videos. SPDY, unlike what was expected, does not actually
request all the objects at the same time. Instead for three
of the four web sites, SPDY requests objects in steps. Even
for the one website where all the objects are requested in
quick succession, we observe a delay between the first request and the subsequent requests. HTTP, on the other
hand, requests objects continuously over time. The number
of objects it downloads in parallel depends on the number
of TCP connections the browser opens to each domain and
across all domains.
We attribute this sequence of object requests to how the
web pages are designed and how the browsers process them
to identify constituent objects. Javascript and CSS files introduce interdependencies by requesting other objects. Table 1 highlights that websites make heavy use of JavaScript
or CSS and contain anywhere from 2 to 73 different scripts
and stylesheets. The browser does not identify these further
objects until these files are downloaded and processed. Further, browsers process some of these files (e.g., Javascripts)
sequentially as these can change the layout of the page. This
results in further delays. The overall impact to page load
speeds depends on the number of such files in a web page,
and on the interdependencies in them.
To validate our assertion that SPDY is not requesting
all the objects at once because of these interdependencies
and also to understand better the higher wait time of objects, we built two test web pages that consist of only a
main HTML page and images which we placed on a test
server (see Fig. 2). There were a total of 50 objects that
The first result we study is the break down of the page
load time. Recall that, by default, the page load time is the
time it takes the browser to process and download all the
objects required for the web page. Hence, we look into the
average download time of objects on a given page. We split
the download time of the object into 4 steps: (a) the initialization step which includes the time from when the browser
realizes that it requires the object to when it actually requests the object, (b) the send step which includes the time
to actually send the request over the network, (c) the wait
time which is the time between sending the request till the
first byte of response, and finally (d) the receive time which
is the time to receive the object.
We plot the average time of these steps for the different
web sites in Figure 5. First, we see that the trends for average object download time are quite similar to that of page
load times (in Figure 3). This is not surprising given that
page load time is dependent on the object download times.
Next, we see that the send time is almost invisible for both
HTTP and SPDY indicating that sending the request happens very quickly. Almost all HTTP requests fit in one
TCP packet. Similarly almost all SPDY requests also fit in
a single TCP packet; even when the browser bundles multiple SPDY requests in one packet. Third, we see that receive
times with HTTP and SPDY are similar, with SPDY resulting in slightly better average receive times. We see that the
initialization time is much higher with HTTP because the
browser has to either open a new TCP connection to download the object (and add the delay of a TCP handshake), or
wait until it can re-use an existing TCP connection.
SPDY incurs very little initialization time because the
connection is pre-established. On the other hand, it incurs
a significant wait time. Importantly, this wait time is significantly higher than the initialization time for HTTP. This
negates any advantages SPDY gains by reusing connections
and avoiding connection setup. The wait times for SPDY
are much greater because multiple requests are sent together
or in close succession to the proxy. This increases delay as
307
256
D. Rossi – RES224
HTTP, same domain
50
50
40
40
30
30
80
80
20
20
40
40
10
10
120
0
100
120
1000
10000
News Website
300
HTTP
250
SPDY
200
150
100
50
0
100
1000
10000
0
100
1000
10000
Photos Website
140
120
HTTP
100 SPDY
80
60
40
20
0
100
1000
10000
Object ID
Cumulative Objects Requested
160
HTTP
SPDY
1 2 3 4 5 6 7 8
50
40
40
30
30
20
20
10
10
1
2
3
4
5
6
3
4
5
Figure 7: Object request and
download with test web pages.
Time between Request and First Byte
140
Data Download
120
Data Transfer
100
80
60
40
20
0
7
1 2 3 4 5 6 7 8 9
Time (in sec)
needed to be downloaded as part of the web page. We controlled the effect of domains by testing the two extremes: in
one web page, all the objects came from different domains,
while in the second extreme all the objects came from the
same domain. Figure 7 shows the results of these two tests.
Since there are no interdependencies in the web page, we
see that the browser almost immediately identifies all the
objects that need to be downloaded after downloading the
main HTML page (shown using red dots). SPDY then requests all the images on the page in quick succession (shown
in green dots) in both cases. HTTP on the other hand, is
affected by these extremes. When all objects are on different
domains, the browser opens one connection to each domain
up to a maximum number of connection (32 in the case of
Chrome). When all the objects are on the same domain,
browsers limit the number of concurrent connections (6 in
the case of Chrome) but reuse the connections.
Note that while the requests for SPDY are sent out earlier (green dots) than HTTP, SPDY has much more significant delay until the first byte of data is sent back to the
client (start of blue horizontal line). Moreover, we also observe especially in the different domain case, that if multiple objects are downloaded in parallel the time to receive
the objects (length of blue line) is increased. We find in
this experiment that removing all the interdependencies for
SPDY does not significantly improve the performance. In
our tests, HTTP had an average page load time of 5.29s and
6.80s with single vs multiple domains respectively. Conversely, SPDY averages 7.22s and 8.38s with single or multiple domain tests. Consequently, prioritization alone is not
a panacea to SPDY’s performance in cellular networks.
5.3
2
SPDY, same domain
50
Time from start (in msec)
Figure 6: Object request patterns for different websites.
1
SPDY, different domains
160
Object ID (in the order received at Proxy)
HTTP, different domains
Photos and Videos Website
HTTP
SPDY
News Website
160
0
1000
2000
3000
4000
Time (in msec)
5000
6000
7000
Figure 8: Queuing delay at the
proxy
0.45
Avg. Data Transferred (MB)
0.4
HTTP
SPDY
0.35
0.3
0.25
0.2
0.15
0.1
0.05
0
0
5
10
15
20
Time (min)
Figure 9: Average data transferred from proxy to
device every second.
It is clear from Figure 8 that the link between the web
server and proxy is not the bottleneck. We see that in most
cases, the time between when the proxy receives the request
from the client to when it has the first byte of data from
the web server is very short (average of 14 msec with a max
of 46 msec). The time to download the data, at an average
of 4 msec, is also quite short. Despite having the data,
however, we observe that the proxy is unable to send the
data quickly to the client device. There is a significant delay
between when the data was downloaded to the proxy to
when it begins to send the data to the client.
This result shows that SPDY has essentially moved the
bottleneck from the client to the proxy. With HTTP, the
client does not request objects until the pending ones are
downloaded. If these downloads take a while, the overall
download process is also affected. In essence, this is like
admission control at the client. SPDY gets rid of this by
requesting all the objects in quick succession. While this
works well when there is sufficient capacity on the proxyclient link, the responses get queued up at the proxy when
the link between the proxy and the client is a bottleneck.
Eliminating Server-Proxy link bottleneck
Figures 6 and 7 show that while today’s web pages do
not take full advantage of SPDY’s capabilities, that is not a
reason for the lack of performance improvements with SPDY
in cellular networks. So as the next step, we focus on the
proxy and see if the proxy-server link is a bottleneck.
In Figure 8 we plot the sequence of steps at the proxy for a
random website from one randomly chosen sample execution
with SPDY. The figure shows the objects in the order of
requests by the client. There are three regions in the plot for
each object. The black region shows the time between when
the object was requested at the proxy to when the proxy
receives the first byte of response from the web server. The
next region, shown in cyan, represents the time it takes the
proxy to download the object from the web server, starting
from the first byte that it receives. Finally, the red region
represents the time it takes the proxy to transfer the object
back to the client.
5.4
Throughput between client and proxy
The previous result showed that the proxy was not able
to transfer objects to the client quickly, resulting in long
wait times for SPDY. Here, we study the average throughput achieved by SPDY and HTTP during the course of our
experiments. Since each website is requested exactly one
minute apart, in Figure 9 we align the start times of each
experiment, bin the data transferred by SPDY and HTTP
each second, and compute the average across all the runs.
308
Data in Flight (in Kbytes)
5.3 SPDY (CoNEXT’13)
300
HTTP
250 SPDY
200
150
100
50
0
0
200
400
140
120
100
80
60
40
20
0
0
3
6
9
140
120
100
80
60
40
20
0
360
363
600
366
300
250
200
150
100
50
0
369
720 725
Time (in sec)
800
730
1000
735
200
180
160
140
120
100
80
60
40
20
0
1140
1200
1145
1150
Figure 10: The number of unacknowledged bytes for a random run with HTTP and SPDY.
The figure shows the average amount of data that was
transferred during that second. The vertical lines seen every
minute indicate the time when a web page was requested.
We see from the graph that HTTP, on average, achieves
higher data transfers than SPDY. The difference sometimes
is as high as 100%. This is a surprising result because, in theory, the network capacity between the client and the proxy
is the same in both cases. The only difference is that HTTP
uses multiple connections each of which shares the available
bandwidth, while with SPDY the single connection uses the
entire capacity. Hence, we would expect the throughput to
be similar; yet they are not. Since network utilization is determined by how TCP adapts to available capacity, we shift
our attention to how TCP behaves in the cellular network.
5.5
the amount of data transferred could be either limits in the
sender’s congestion window or the receiver window.
5.5.1 Congestion window growth
We processed the packet capture data and extracted the
receive window (rwin) advertised by the client. From the
packet capture data, it was pretty clear that rwin was not
the bottleneck for these experimental runs. So instead we
focused on the proxy’s congestion window and its behavior.
To get the congestion window, we needed to tap into the
Linux kernel and ran a kernel module (tcp_probe) that reports the congestion window (cwnd) and slow-start threshold
(ssthresh) for each TCP connection.
Figure 11 shows the congestion window, ssthresh, the
amount of outstanding data and the occurrence of retransmissions during the course of one random run with SPDY.
First we see that in all cases, the cwnd provides the ceiling
on the outstanding data, indicating that it is the limiting
factor in the amount of data transferred. Next we see that
both the cwnd and the ssthresh fluctuate throughout the
run. Under ideal conditions, we would expect them to initially grow and then stabilize to a reasonable value. Finally,
we see many retransmissions (black circles) throughout the
duration of the run (in our plot, the fatter the circle, the
greater the number of retransmissions.)
To gain a better understanding, we zoom into the interval between 40 seconds and 190 seconds in Figure 12. This
represents the period when the client issues requests to websites 2, 3, and 4. The vertical dashed line represents time
instances where there are retransmissions. From Figure 12
we see that, at time 60, when accessing website 2, both the
cwnd and ssthresh are small. This is a result of multiple retransmissions happening in the time interval 0-60 seconds (refer Figure 11). From 60 to 70 seconds, both the
cwnd and ssthresh grow as data is transferred. Since the
cwnd is higher than the ssthresh, TCP stays in congestion avoidance and does not grow as rapidly as it would in
‘slow-start’. The pattern of growth during the congestion
avoidance phase is also particular to TCP-Cubic (because it
first probes and then has an exponential growth).
After about 70 seconds, there isn’t any data to transfer
and then the connection goes idle until about 85 seconds.
This is the key period of performance loss: At this time,
Understanding TCP performance
To understand the cause for the lower average throughput with SPDY, we look at how TCP behaves when there
is one connection compared to when there are multiple connections. We start by looking at the outstanding bytes in
flight between the proxy and the client device with HTTP
and SPDY. The number of bytes in flight is defined as the
number of bytes the proxy has sent to the client that are
awaiting acknowledgment. We plot the data from one random run of the experiment in Figure 10.
Figure 10 shows that there are instances where HTTP
has more unacknowledged bytes, and other instances where
SPDY wins. When we looked at the correlation between
page load times and the number of unacknowledged bytes,
we found that whenever the outstanding bytes is higher, it
results in lower page load times. To illustrate this, we zoom
into four websites (1, 7, 13 and 20) from the same run and
plot them in the lower half of Figure 10. For the first two
websites, HTTP has more unacknowledged data and hence
the page load times was lower (by more than one second),
whereas for 13 and 20, SPDY has more outstanding data
and hence lower page load times (faster by 10 seconds and
2 seconds respectively). We see that the trend applied for
the rest of the websites and other runs. In addition, we see
in websites 1 and 20 that the growth in outstanding bytes
(i.e., the growth of throughput) is quite slow for SPDY. We
have already established in Figure 8 that the proxy is not
starved for data. Hence, the possible reasons for limiting
309
258
D. Rossi – RES224
160
CWnd
Number of Segments
140
quent retransmissions (refer Figure 11). As a consequence,
cwnd is reduced and the ssthresh is set to a value based on
the cwnd (the specific values depend on the flavor of TCP).
TCP then enters slow start and cwnd and ssthresh grow
back quickly to their previous values (again this depends on
the version of TCP, and in this case depends on the behavior of TCP-Cubic). As a result of an idle and subsequent
retransmission, a similar process repeats itself twice, at 90
and 120 seconds with the cwnd and ssthresh. Interestingly,
at 110 seconds, we do not see retransmissions even though
there was an idle period. We attribute this to the fact that
the RTO value is grown large enough to accommodate the
increased round trip time after the idle time.
When website 3 is requested at time 120, the cwnd and
ssthresh grow as data is transferred. The website also
transfers small amounts of data at around 130 seconds, after a short idle period. That causes TCP to reduce its cwnd
to 10. However the idle period is short enough that the
cellular network does not go idle. As a result, there are
no retransmissions and the ssthresh stays at 65 segments.
The cwnd remains at 10 as no data was transferred after that
time. When website 4 is requested at 180 seconds, however,
the ssthresh falls dramatically because there is a retransmission (TCP as well as the cellular network become idle).
Moreover, there are multiple retransmissions as the RTT
estimates no longer hold.
Retransmission
Outstanding Data
SSThresh
120
100
80
60
40
20
0
0
200
400
600
Time (in sec)
800
1000
1200
Figure 11: The cwnd, ssthresh, and outstanding data
for one run of SPDY. The figure also shows times at
which there are retransmissions.
80
CWnd
SSThresh
Out. Data
Number of Segments
70
60
50
40
30
5.5.2 Understanding Retransmissions
20
One of the reasons for both SPDY and HTTP’s performance issues is the occurrence of TCP retransmissions. Retransmissions result in the collapse of TCP congestion window, which in turn hurts throughput. We analyze the occurrence of retransmissions and its cause in this section.
There are on average 117.3 retransmissions for HTTP and
67.3 for SPDY. We observed in the previous section that
most of the TCP retransmissions were spurious due to an
overly tight RTO value. Upon close inspection of one HTTP
run, we found all (442) retransmissions were in fact spurious.
On a per connection basis, HTTP has fewer retransmissions
(2.9) since there are 42.6 concurrent TCP connections open
on average. Thus, the 67.3 retransmits for SPDY results in
much lower throughput. We also note from our traces that
the retransmissions are bursty in nature and typically affect
a few (usually one) TCP connections. Figure 13 shows that
even though HTTP has a higher number of retransmissions,
when one connection’s throughput is compromised, other
TCP connections continue to perform unaffected. Since
HTTP uses a ‘late binding’ of requests to connections (by
allowing only one outstanding request per connection), it is
able to avoid affected connections, and maintain utilization
of the path between the proxy and the end-device. On the
other hand, since SPDY opens only one TCP connection, all
these retransmissions affect its throughput.
10
0
40
60
80
100
120
140
160
180
Time (in sec)
Figure 12: The cwnd, ssthresh, and outstanding data
for three consecutive websites.
when the proxy tries to send data, multiple effects are triggered. First, since the connection has been idle, a TCP parameter (tcp_slow_start_after_idle) is triggered. Intuitively this parameter captures that fact that network bandwidth could have changed during the idle period and hence
it makes sense to discard all the estimates of the available
bandwidth. As a result of this parameter, TCP reduces
the cwnd to the default initial value of 10. Note that the
ssthresh and retransmission timeout (RTO) values are left
unmodified; as a result the connection goes through slow
start until cwnd grows beyond the ssthresh.
Cellular networks make use of a radio resource controller
(RRC) state machine to manage the state of the radio channel for each device.3 The radio on the device transitions
between idle and active states to conserve energy and share
the radio resources. Devices transfer the most data when
they are in the active (or DCH) state. They transition to
idle after a small period of inactivity. When going from
idle to active, the state machine imposes a promotion delay,
which is typically around 2 seconds [12]. This promotion
delay results in a period in which TCP does not receive any
acknowledgments either. Since TCP’s RTO value is not reset
after an idle period, and this RTO value is much smaller than
the promotion delay, it results in a TCP time out and subse-
5.6
Cellular network behavior
5.6.1 Cellular State Machine
In this experiment we analyze the performance improvement gained by they device staying in the DCH state. Since
there is a delay between each website request, we run a continual ping process that transfers a small amount of data every few seconds. We choose a payload that is small enough
3
Refer to Appendix A for a brief description of the RRC
state machine.
310
5.3 SPDY (CoNEXT’13)
x 10
2000
Relative difference
80
7
70
6
5
% of instances
Retransmitted frame number
90
HTTP
SPDY
8
3000
100
4
9
Retransmission
bursts affecting
a single TCP
stream
4
TCP stream 11
3
50
40
30
TCP stream 9
2
1
0
0
60
10
20
30
40
50
SPDY - Ping
HTTP - Ping
HTTP - No Ping
SPDY - No Ping
20
10
TCP stream 3
60
70
80
Time index
Figure 13: Retransmission bursts
affecting a single TCP stream
0
1000
0
-1000
-2000
HTTP
SPDY
-3000
2
4
6
10000
Page Load Time (msec)
8
10
12
14
16
18
20
Website
Figure 14: Impact of cellular RRC
state machine.
to not interfere with our experiments, but large enough that
the state machine keeps the device in DCH mode.
Figure 14 shows the CDF of the page load times for the different websites across the different runs. Unsurprisingly, the
result shows that having the cellular network in DCH mode
through continuous background ping messages significantly
improves the page load time of both HTTP and SPDY. For
example, more than 80% of the instances load in less than 8
seconds when the device sends continual ping messages, but
only between 40% (SPDY) and 45% (HTTP) complete loading without the ping messages. Moreover, SPDY performs
better than HTTP for about 60% of the instances with the
ping messages. We also looked into the number of retransmissions with and without ping messages; not surprisingly,
we observed that the number of retransmissions reduced by
∼91% for HTTP and ∼96% for SPDY indicating that TCP
RTT estimation is no longer impacted by the cellular state
machine. While this result is promising, it is not practical to
keep the device in DCH state as it wastes cellular resources
and drains device battery. Hence, mechanisms need to be
built into TCP that account for the cellular state machine.
5.6.2
1000
Figure 15: Page load times with &
w/o tcp_slow_start_after_idle
9000
Page Load Time (in msec)
8000
7000
HTTP
SPDY
6000
5000
4000
3000
2000
1000
0
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Test Website
Figure 16: Page Load Time of HTTP and SPDY
over LTE
lay. We focus on a short duration of a particular, randomly
selected, run with SPDY in Figure 17. The figure shows
the congestion window of the TCP connection (in red), the
amount of data in flight (in cyan) and the times when there
are retransmissions (in black). The thicker retransmission
lines indicate multiple retransmissions. We see from the figure that retransmissions occur after an idle period in LTE
also. For example, at around 600 seconds, the proxy tries to
send data to the device after an idle period; timeouts occur
after the transmission of data, leading to retransmissions;
and the congestion window collapses. This result leads us
to believe that the problem persists even with LTE, albeit
less frequently than with 3G.
Performance over LTE
We analyze the performance of HTTP and SPDY over
LTE in this section. LTE adopts an improved RRC state machine with a significantly smaller promotion delay. On the
other hand, LTE also has lower round-trip times compared
to 3G, which has the corresponding effect of having much
smaller RTO values. We perform the same experiments using the same setup as in the previous 3G experiments, but
connect to an LTE network with LTE USB laptop cards.
Figure 16 shows the box plot of page load times for HTTP
and SPDY over LTE. As expected, we see that both HTTP
and SPDY have considerably smaller page load times compared to 3G. We also see that HTTP performs just as well
as SPDY, if not better, for the initial few pages. However, SPDY’s performance is better than HTTP after the
initial set of web pages. We attribute this to the fact that
LTE’s RRC state machine addresses many of the limitations
present in the 3G state machine, thereby allowing TCP’s
congestion window to grow to larger values and thus allowing SPDY to transfer data more quickly. We also looked at
the retransmission data for HTTP and SPDY – the number of retransmissions reduced significantly with an average
of 8.9 and 7.52 retransmissions per experiment with HTTP
and SPDY (as opposed to 117 and 63 with 3G) respectively.
While the modified state machine of LTE results in better performance, we also wanted to see if it eliminated the
issue of retransmission as a result of the state promotion de-
5.7
Summary and Discussion
We see from these results how the interaction between the
different layers affects performance. First we see websites
sending and/or requesting data periodically (ads, tracking
cookies, web analytics, page refreshes, etc.). We also observe
that a key factor affecting performance is the independent
reaction of the transport protocol (i.e., TCP) and the cellular network to inferred network conditions.
TCP implementations assume their cwnd statistics do not
hold after an idle period as the network capacity might have
changed. Hence, they drop the cwnd to its initial value. That
in itself would not be a problem in wired networks as the
cwnd will grow back up quickly. But in conjunction with the
cellular network’s idle-to-active promotion delay, it results in
unintended consequences. Spurious retransmissions occurring due to the promotion delay cause the ssthresh to fall
to the cwnd value. As a result, when TCP tries to recover, it
goes through slow start only for a short duration, and then
311
260
D. Rossi – RES224
100
Congestion Window
Outstanding Data
Retransmissions
80
No. of segments
not help in improving the page load times for SPDY. This
is primarily because with SPDY, requests are issued to each
connection up front. As a result, if a connection encounters
retransmissions, pending objects requested on that connection are delayed. What is required is a late binding of the
response to an ‘available’ TCP connection (meaning that it
has a open congestion window and can transmit data packets from the proxy to the client at that instant) and avoiding
a connection that is currently suffering from the effects of
spurious timeouts and retransmissions. Such a late binding
would allow the response to come back on any available TCP
connection, even if the request was sent out on a different
connection. This takes advantage of SPDY’s capability to
send the requests out in a ‘burst’, and allows the responses
to be delivered to the client as they arrive back, avoiding
any ’head-of-the-line blocking’.
60
40
20
0
300
400
500
600
700
800
Time (sec)
Figure 17: SPDY’s Congestion window and retransmissions over LTE.
6.2
switches to congestion avoidance, even for small number of
segments. From a TCP standpoint, this defeats the design
intent where short transfers that do not have the potential
of causing congestion (and loss) should be able to rapidly
acquire bandwidth, thus reducing transfer time. This difficulty of transport protocols ‘shutting down’ after an idle
period at just the time when applications wake up and seek
to transfer data (and therefore requiring higher throughput)
is not new and has been observed before [8]. However, the
process is further exacerbated in cellular networks with the
existence of a large promotion delay. These interactions thus
degrade performance, including causing multiple (spurious)
retransmissions that have significant undesirable impacts on
the individual TCP connection behavior.
Our results also point to a fundamental flaw in TCP implementations. Existing implementations discard the congestion window value after an idle period to account for
potential changes in the bandwidth during the idle period.
However, information about the latency profile (i.e., RTT estimates) are retained. With the cellular state machine, the
latency profile also changes after an idle period; since the estimates are inaccurate, it results in spurious retransmissions.
We notice that LTE, despite an improved state machine, is
still susceptible to retransmissions when coming out of the
idle state. When we keep the device in active mode continuously, we transform the cellular network to behave more like
a traditional wired (and also a WiFi) network in terms of
latency profile. Consequently, we see results similar to the
ones seen over wired networks.
6.
6.2.1 Resetting RTT Estimate after Idle
There is a fundamental need to decay the estimate of the
available capacity of a TCP connection once it goes idle.
The typical choice made today by implementations is to
just reset cwnd to the initial value. The round trip time
(RTT) estimate, however, is left untouched by implementations. The RTT estimate drives the retransmission timeout
(RTO) value and hence controls when a packet is retransmitted. Not resetting the RTT estimate may be acceptable
in networks that have mostly ‘stable’ latency characteristics
(e.g., a wired or WiFi network), but as we see in our observations with the cellular network this leads to substantially
degraded performance. The cellular network has vastly varying RTT values. In particular, the idle to active transition
(promotion) can take a few seconds. Since the previous RTT
estimate derived when the cellular connection was active
may have been of the order of tens or hundreds of milliseconds, there is a high probability of a spurious timeout and
retransmission of one or more packets after the idle period.
These retransmissions have the cascading effect of reducing
the cwnd further, and also reducing ssthresh. Therefore,
when the cwnd starts growing, it grows in the congestion
avoidance mode, which further reduces throughput. Thus
the interaction of TCP with the RRC state machine of the
cellular network has to be properly factored in to achieve
the best performance. Our recommended approach is to reset the RTT estimate as well, to the initial default value (of
multiple seconds). This causes the RTO value to be larger
than the promotion delay for the 3G cellular network, thus
avoiding spurious timeouts and unnecessary retransmissions.
This, in turn, allows the cwnd to grow rapidly, ultimately reducing page load times.
POTENTIAL IMPROVEMENTS
Having identified the interactions between TCP and the
cellular network as the root cause of the problem, in this
section, we propose steps that can minimize their impact.
6.1
TCP Implementation Optimizations
6.2.2 Benefit of Slow Start after Idle?
Using multiple TCP connections
One approach we also considered was whether avoiding
the ’slow start after idle’ would improve performance. We
examined the benefit or drawback of the TCP connection
transitioning to slow start after idle. We disabled the slow
start parameter and studied the improvement in page load
time. Figure 15 plots the relative difference between the
average page load time of the different websites with and
without this parameter enabled. A negative value on the
Y-axis indicates that disabling the parameter is beneficial,
while a positive value indicates that enabling it is beneficial.
The observation that using a single TCP connection causes
SPDY to suffer because of retransmissions suggests a need
to explore the use of multiple TCP connections. We explore this option by having the browser use 20 SPDY connections to a single proxy process listening on 20 different
ports.4 However, the use of multiple TCP connections did
4
On the browser, we made use of a proxy auto config (PAC)
file that dynamically allocate the proxy address and one of
the 20 ports for each object requested.
312
5.3 SPDY (CoNEXT’13)
We see that the benefits vary across different websites. Our
packet traces indicate that the amount of outstanding data
(and hence throughput) is quite similar in both the cases.
The number of retransmitted packets seem similar under
good conditions, but disabling the parameter runs the risk
of having lots of retransmissions under congestion or poor
channel conditions since the cwnd value is inaccurate after
an idle period. In some instances, cwnd grows so large with
the parameter disabled, that the receive window becomes
the bottleneck and negates the benefit of a large congestion
window at the sender.
6.2.3
the use of caching at different levels (e.g., nodeB, RNC) of a
3G cellular network to reduce download latency of popular
web content.
TCP optimizations: With regards to TCP, several proposals have tried to tune TCP parameters to improve its performance [14] and address issues like Head of Line (HOL)
blocking and multi-homing. Recently, Google proposed in
an IETF RFC 3390 [4] to increase the TCP initial congestion
window to 10 segments to show how web applications will
benefit from such a policy. As a rebuttal, Gettys [6] demonstrated that changing the initial TCP congestion window
can indeed be very harmful to other real-time applications
that share the broadband link and attributed this problem
to one of ”buffer bloat”. As a result Gettys, proposed the
use of HTTP pipelining to provide improved TCP congestion behavior. In this paper, we investigate in detail how
congestion window growth affects download performance for
HTTP and SPDY in cellular networks. In particular, we
demonstrate how idle-to-active transition at different protocol layers results in unintended consequences where there are
retransmissions. Ramjee et al. [3] recognizes how challenging
it can be to optimize TCP performance over 3G networks
exhibiting significant delay and rate variations. They use an
ACK regulator to manage the release of ACKs to the TCP
source so as to prevent undesired buffer overflow. Our work
inspects in detail how SPDY and HTTP behave and thereby
TCP in cellular networks. Specifically, we point out a fundamental insight with regards to avoiding spurious timeouts.
In conventional wired networks, bandwidth changes but the
latency profile does not change as significantly. In cellular
networks, we show that spurious timeout is caused by the
fact that TCP stays with its original estimate for the RTT
and a tight retransmission timeout (RTO) estimate derived
over multiple round-trips during the active period of a TCP
connection is not only invalid, but has significant performance impact. Thus, we suggest using a more conservative
way to manage the RTO estimate.
Impact of TCP variants
We replaced TCP Cubic with TCP Reno to see if modifying the TCP variant has any positive impact on performance. We find in Table 2 that there is little to distinguish
between Reno and Cubic for both HTTP and SPDY over
3G. We see that the average page load time across all the
runs of all pages is better with Cubic. Average throughput
is quite similar with Reno and Cubic, with SPDY achieving
the highest value with Cubic. While this seemingly contradicts the result in Figure 9, note that this result is the
average across all times (ignoring idle times), while the result in Figure 9 considers the average at that one second
instant. Indeed the maximum throughput result confirms
this: HTTP with Cubic achieves a higher throughput than
SPDY with Cubic. SPDY with Reno does not grow the congestion window as much as SPDY with Cubic. This probably results in SPDY with Reno having the worst page load
time across the combinations.
Avg.
Avg.
Max.
Avg.
Max.
Page Load (msec)
Throughput (KBps)
Throughput (KBps)
cwnd (# segments)
cwnd (# segments)
Reno
HTTP
SPDY
9690.84
9899.95
121.88
119.55
1024.74
528.88
10.45
24.16
22
48
Cubic
HTTP
SPDY
9352.58
8671.09
115.36
129.79
889.33
876.98
10.59
52.11
22
197
Table 2: Comparison of HTTP and SPDY with different TCP variants.
6.2.4
8. CONCLUSION
Cache TCP Statistics?
Mobile web performance is one of the most important
measures of users’ satisfaction with their cellular data service. We have systematically studied, through field measurements on a production 3G cellular network, two of the
most prominent web access protocols used today, HTTP and
SPDY. In cellular networks, there are fundamental interactions across protocol layers that limit the performance of
both SPDY as well as HTTP. As a result, there is no clear
performance improvement with SPDY in cellular networks,
in contrast to existing studies on wired and WiFi networks.
Studying these unique cross-layer interactions when operating over cellular networks, we show that there are fundamental flaws in implementation choices of aspects of TCP,
when a connection comes out of an idle state. Because
of the high variability in latency when a cellular end device goes from idle to active, retaining TCP’s RTT estimate
across this transition results in spurious timeouts and a corresponding burst of retransmissions. This particularly punishes SPDY which depends on the single TCP connection
that is hit with the spurious retransmissions and thereby
all the cascading effects of TCP’s congestion control mechanisms like lowering cwnd etc. This ultimately reduces throughput and increases page load times. We proposed a holistic
approach to considering all the TCP implementation fea-
The Linux implementation of TCP caches statistics such
as the slow start threshold and round trip times by default
and reuses them when a new connection is established. If
the previous connection had statistics that are not currently
accurate, then the new connection is negatively impacted.
Note that since SPDY uses only one connection, the only
time these statistics come into play is when the connection
is established. It can potentially impact HTTP, however, because HTTP opens a number of connections over the course
of the experiments. We conducted experiments where we
disabled caching. Interestingly, we find from our results
that both HTTP and SPDY experience reduced page load
times. For example, for 50% of the runs, the improvement
was about 35%. However, there was very little to distinguish
between HTTP and SPDY.
7.
RELATED WORK
Radio resource management: There have been several attempts to improve the performance of HTTP over cellular networks (e.g. [10, 12]). Specifically, TOP and TailTheft
study efficient ways of utilizing radio resources by optimizing timers for state promotions and demotions. [5] studies
313
262
D. Rossi – RES224
Se
nd
/R
2 cv D
se a
c
ta
REFERENCES
[1] 3GPP TS 36.331: Radio Resource Control (RRC).
http://www.3gpp.org/ftp/Specs/html-info/36331.htm.
[2] Squid Caching Proxy. http://www.squid-cache.org.
[3] Chan, M. C., and Ramjee, R. TCP/IP performance over
3G wireless links with rate and delay variation. In ACM
MobiCom (New York, NY, USA, 2002), MobiCom ’02,
ACM, pp. 71–82.
[4] Chu, J., Dukkipati, N., Cheng, Y., and Mathis, M.
Increasing TCP’s Initial Window. http://tools.ietf.org/
html/draft-ietf-tcpm-initcwnd-08.html, Feb. 2013.
[5] Erman, J., Gerber, A., Hajiaghayi, M., Pei, D., Sen, S.,
and Spatscheck, O. To cache or not to cache: The 3g
case. IEEE Internet Computing 15, 2 (2011), 27–34.
[6] Gettys, J. IW10 Considered Harmful.
http://tools.ietf.org/html/
draft-gettys-iw10-considered-harmful-00.html, August
2011.
[7] Google. SPDY: An experimental protocol for a faster web.
http://www.chromium.org/spdy/spdy-whitepaper.
[8] Kalampoukas, L., Varma, A., Ramakrishnan, K. K.,
and Fendick, K. Another Examination of the
Use-it-or-Lose-it Function on TCP Traffic. In ATM
Forum/96-0230 TM Working Group (1996).
[9] Khaunte, S. U., and Limb, J. O. Statistical
characterization of a world wide web browsing session.
Tech. rep., Georgia Institute of Technology, 1997.
[10] Liu, H., Zhang, Y., and Zhou, Y. Tailtheft: leveraging
the wasted time for saving energy in cellular
communications. In MobiArch (2011), pp. 31–36.
[11] Popa, L., Ghodsi, A., and Stoica, I. HTTP as the
narrow waist of the future internet. In Hotnets-IX (2010),
pp. 6:1–6:6.
[12] Qian, F., Wang, Z., Gerber, A., Mao, M., Sen, S., and
Spatscheck, O. TOP: Tail Optimization Protocol For
Cellular Radio Resource Allocation. In IEEE ICNP (2010),
pp. 285–294.
[13] Shruti Sanadhya, and Raghupathy Sivakumar.
Adaptive Flow Control for TCP on Mobile Phones. In
IEEE Infocom (2011).
[14] Stone, J., and Stewart, R. Stream Control Transmission
Protocol (SCTP) Checksum Change.
http://tools.ietf.org/html/rfc3309.html, September
2002.
[15] W3techs.com. Web Technology Surveys. http://w3techs.
com/technologies/details/ce-spdy/all/all.html, June
2013.
[16] Wang, X. S., Balasubramanian, A., Krishnamurthy,
A., and Wetherall, D. Demystifying Page Load
Performance with WProf. In Usenix NSDI’13 (Apr 2013).
[17] Welsh, M., Greenstein, B., and Piatek, M. SPDY
Performance on Mobile Networks. https://developers.
google.com/speed/articles/spdy-for-mobile, April 2012.
[18] Winstein, K., Sivaraman, A., and Balakrishnan, H.
Stochastic Forecasts Achieve High Throughput and Low
Delay over Cellular Networks. In Usenix NSDI’13 (Apr
2013).
IDLE
No power
No Allocated
Bandwidth
CELL_DCH
Idle for
12 sec
CELL_FACH
Continuous
Reception
Short
DRX
Promotion
Demotion
20 msec
No power
No Allocated
Bandwidth
Send/Rcv
Data
0.4 sec
DRX
RRC_IDLE
Long
DRX
11.5 sec
RRC_CONNECTED
Figure 18: The RRC state machines for 3G UMTS
and LTE networks
states, how long a device remains in each state, and the
power it consumes in a state differ between 3G and LTE,
the main purpose is similar: the occupancy in these states
control the number of devices that can access the radio network at a given time. It enables the network to conserve
and share available radio resources amongst the devices and
for saving the device battery at times when the device does
not have data to send or receive.
3G state machine: The 3G state machine, as shown
in Figure 18, typically consists of three states: IDLE, Forward access channel (CELL F ACH) and Dedicated channel (CELL DCH). When the device has no data to send
or receive, it stays in the IDLE state. The device does
not have radio resource allocated to it in IDLE. When
it wants to send or receive data, it has to be promoted to
the CELL DCH mode, where the device is allocated dedicated transport channels in both the downlink and uplink
directions. The delay for this promotion is typically ∼2 seconds. In the CELL F ACH, the device does not have a
dedicated channel, but can transmit at a low rate. This is
sufficient for applications with small amounts or intermittent data. A device can transition between CELL DCH
and CELL F ACH based on data transmission activity. For
example, if a device is inactive for ∼5 seconds, it is demoted
from CELL DCH to CELL F ACH. It is further demoted
to IDLE if there is no data exchange for another ∼12 secs.
Note that these state transition timer values are not general
and vary across vendors and carriers.
LTE state machine: LTE employs a slightly modified
state machine with two primary states: RRC IDLE and
RRC CON N ECT ED. If the device is in RRC IDLE and
sends or receives a packet (regardless of size), a state promotion from RRC IDLE to RRC CON N ECT ED occurs in
about 400 msec. LTE makes use of three sub-states within
RRC CON N ECT ED. Once promoted, the device enters
Continuous Reception state where it uses considerable power
(about 1000mW) but can send and receive data at high
bandwidth. If there is a period of inactivity (e.g., for 100
msec), the device enters the short Discontinuous Reception
(Short DRX) state . If data arrives, the radio returns to the
Continuous Reception state in ∼400 msec. If not, the device
enters the long Discontinuous Reception (Long DRX) state.
In the Long DRX state, the device prepares to switch to the
RRC IDLE state, but is still using high power and waiting for data. If data does arrive within ∼11.5 seconds, the
radio returns to the Continuous Reception state; otherwise
it switches to the low power (< 15 mW) RRC IDLE state.
Thus, compared to 3G, LTE has significantly shorter promotion delays. This shorter promotion delay helps reduce
the number of instances where TCP experiences a spurious
timeout and hence an unnecessary retransmission(s).
APPENDIX
A.
Power:1000+ mW
High Bandwidth
Se
nd
/R
0. cv D
4
se ata
c
10
0
m
se
c
Power: 800 mW
High Bandwidth
r
fo
le c
Id se
5
>
e
siz
e old
eu esh ec
Qu Thr .5 s
1
9.
LTE
3G
tures and parameters to improve mobile web performance
and thereby fully exploit SPDY’s advertised capabilities.
CELLULAR STATE MACHINES
The radio state of every device in a cellular network follows a well-defined state machine. This state machine, defined by 3GPP [1] and controlled by the radio network controller (in 3G) or the base station (in LTE), determines when
a device can send or receive data. While the details of the
314
5.4 SPDY (NSDI’14)
How Speedy is SPDY?
Xiao Sophia Wang, Aruna Balasubramanian, Arvind Krishnamurthy,
and David Wetherall, University of Washington
https://www.usenix.org/conference/nsdi14/technical-sessions/wang
This paper is included in the Proceedings of the
11th USENIX Symposium on Networked Systems
Design and Implementation (NSDI ’14).
April 2–4, 2014 • Seattle, WA, USA
ISBN 978-1-931971-09-6
Open access to the Proceedings of the
11th USENIX Symposium on
Networked Systems Design and
Implementation (NSDI ’14)
is sponsored by USENIX
264
D. Rossi – RES224
How speedy is SPDY?
Xiao Sophia Wang, Aruna Balasubramanian, Arvind Krishnamurthy, and David Wetherall
University of Washington
Abstract
provides only a modest improvement [13, 19]. In our
own study [25] of page load time (PLT) for the top 200
Web pages from Alexa [1], we found either SPDY or
HTTP could provide better performance by a significant
margin, with SPDY performing only slightly better than
HTTP in the median case.
As we have looked more deeply into the performance
of SPDY, we have come to appreciate why it is challenging to understand. Both SPDY and HTTP performance depend on many factors external to the protocols
themselves, including network parameters, TCP settings,
and Web page characteristics. Any of these factors can
have a large impact on performance, and to understand
their interplay it is necessary to sweep a large portion of
the parameter space. A second challenge is that there
is much variability in page load time (PLT). The variability comes not only from random events like network
loss, but from browser computation (i.e., JavaScript evaluation and HTML parsing). A third challenge is that dependencies between network activities and browser computation can have a significant impact on PLT [25].
In this work, we present what we believe to be the
most in-depth study of page load time under SPDY to
date. To make it possible to reproduce experiments, we
develop a tool called Epload that controls the variability by recording and replaying the process of a page load
at fine granularity, complete with browser dependencies
and deterministic computational delays; in addition we
use a controlled network environment. The other key to
our approach is to isolate the different factors that affect
PLT with reproducible experiments that progress from
simple but unrealistic transfers to full page loads. By
looking at results across this progression, we can systematically isolate the impact of the contributing factors
and identify when SPDY helps significantly and when it
performs poorly compared to HTTP.
Our experiments progress as follows. We first compare SPDY and HTTP simply as a transport protocol
(with no browser dependencies or computation) that
transfers Web objects from both artificial and real pages
(from the top 200 Alexa sites). We use a decision tree
analysis to identify the situations in which SPDY outperforms HTTP and vice versa. We find that SPDY improves PLT significantly in a large number of scenarios
that track the benefits of using a single TCP connection.
Specifically, SPDY helps for small object sizes and under low loss rates by: batching several small objects in a
TCP segment; reducing congestion-induced retransmis-
SPDY is increasingly being used as an enhancement
to HTTP/1.1. To understand its impact on performance,
we conduct a systematic study of Web page load time
(PLT) under SPDY and compare it to HTTP. To identify
the factors that affect PLT, we proceed from simple, synthetic pages to complete page loads based on the top 200
Alexa sites. We find that SPDY provides a significant improvement over HTTP when we ignore dependencies in
the page load process and the effects of browser computation. Most SPDY benefits stem from the use of a single
TCP connection, but the same feature is also detrimental under high packet loss. Unfortunately, the benefits
can be easily overwhelmed by dependencies and computation, reducing the improvements with SPDY to 7%
for our lower bandwidth and higher RTT scenarios. We
also find that request prioritization is of little help, while
server push has good potential; we present a push policy based on dependencies that gives comparable performance to mod spdy while sending much less data.
1
Introduction
HTTP/1.1 has been used to deliver Web pages using multiple, persistent TCP connections for at least the past
decade. Yet as the Web has evolved, it has been criticized for opening too many connections in some settings
and too few connections in other settings, not providing
sufficient control over the transfer of Web objects, and
not supporting various types of compression.
To make the Web faster, Google proposed and deployed a new transport for HTTP messages, called
SPDY, starting in 2009. SPDY adds a framing layer for
multiplexing concurrent application-level transfers over
a single TCP connection, support for prioritization and
unsolicited push of Web objects, and a number of other
features. SPDY is fast becoming one of the most important protocols for the Web; it is already deployed by
many popular websites such as Google, Facebook, and
Twitter, and supported by browsers including Chrome,
Firefox, and IE 11. Further, IETF is standardizing a
HTTP/2.0 proposal that is heavily based on SPDY [10].
Given the central role that SPDY is likely to play in
the Web, it is important to understand how SPDY performs relative to HTTP. Unfortunately, the performance
of SPDY is not well understood. There have been several studies, predominantly white papers, but the findings often conflict. Some studies show that SPDY improves performance [20, 14], while others show that it
1
USENIX Association 11th USENIX Symposium on Networked Systems Design and Implementation 387
5.4 SPDY (NSDI’14)
2.1 Limitations of HTTP/1.1
sions; and reducing the time when the TCP pipe is idle.
Conversely, SPDY significantly hurts performance under
high packet loss for large objects. This is because a set
of TCP connections tends to perform better under high
packet loss; it is necessary to tune TCP behavior to boost
performance.
Next, we examine the complete Web page load process by incorporating dependencies and computational
delays. With these factors, the benefits of SPDY are reduced, and can even be negated. This is because: i) there
are fewer outstanding objects at a given time; ii) traffic is
less bursty; and iii) the impact of the network is degraded
by computation. Overall, we find SPDY benefits to be
larger when there is less bandwidth and longer RTTs. For
these cases SPDY reduces the PLT for 70–80% of Web
pages, and for shorter, faster links it has little effect, but
it can also increase PLT: the worst 20% of pages see an
increase of at least 6% for long RTT networks.
In search of greater benefits, we explore SPDY mechanisms for prioritization and server push. Prioritization helps little because it is limited by load dependencies, but server push has the potential for significant improvements. How to obtain this benefit depends on the
server push policy, which is a non-trivial issue because of
caching. This leads us to develop a policy based on dependency levels that performs comparably to mod spdy’s
policy [11] while pushing 80% less data.
Our contributions are as follows:
• A systematic measurement study using synthetic
pages and real pages from 200 popular sites that identifies the combinations of factors for which SPDY
improves (and sometimes reduces) PLT compared to
HTTP.
• A page load tool, Epload, that emulates the detailed
page load process of a target page, including its dependencies, while eliminating variability due to browser
computation. With a controlled network environment,
Epload enables reproducible but authentic page load
experiments for the first time.
• A SPDY server push policy based on dependency
information that provides comparable benefits to
mod spdy while sending much less data over the network.
In the rest of this paper, we first review SPDY background (§2) and then briefly describe our challenge and
approach (§3). Next, we extensively study TCP’s impact on SPDY (§4) and extend to Web page’s impact on
SPDY (§5). We discuss in §6, review related work in §7,
and conclude in §8.
2
When HTTP/1.1, or simply HTTP, was designed in the
late 1990’s, Web applications were fairly simple and
rudimentary. Since then, Web pages have become more
complex and dynamic, making it difficult for HTTP to
meet the increasingly demanding user experience. Below, we identify some of the limitations of HTTP:
i) Browsers open too many TCP connections to load
a page. HTTP improves performance by using parallel
TCP connections. But if the number of connections is
too large, the aggregate flow may cause network congestion, high packet loss, and reduced performance [9]. Further, services often deliver Web objects from multiple domains, which results in even more TCP connections and
the possibility of high packet loss.
ii) Web transfers are strictly initiated from the client.
Consider the loading of embedded objects. Theoretically, the server can send embedded objects along with
the parent object when it receives a request for the parent object. In HTTP, because an object can be sent only
in response to a client request, the server has to wait for
an explicit request which is sent only after the client has
received and processed the parent page.
iii) A TCP segment cannot carry more than one HTTP
request or response. HTTP, TCP and other headers could
account for a significant portion of a packet when HTTP
requests or responses are small. So if there are a large
number of small embedded objects in a page, the overhead associated with these headers is substantial.
2.2 SPDY
SPDY addresses several of the issues described above.
We now review the key ideas in SPDY’s design and implementation and its deployment status.
Design: There are four key SPDY features.
i) Single TCP connection. SPDY opens a single
TCP connection to a domain and multiplexes multiple
HTTP requests and responses (a.k.a., SPDY streams)
over the connection. The multiplexing here is similar to
HTTP/1.1 pipelining but is finer-grained. A single connection also helps reduce SSL overhead. Besides clientside benefits, using a single connection helps reduce the
number of TCP connections opened at servers.
ii) Request prioritization. Some Web objects, such as
JavaScript code modules, are more important than others
and thus should be loaded earlier. SPDY allows the client
to specify a priority level for each object, which is then
used by the server in scheduling the transfer of the object.
iii) Server push. SPDY allows the server to push embedded objects before the client requests for them. This
improves latency but could also increase transmitted data
if the objects are already cached at the client.
iv) Header compression. SPDY supports HTTP
Background
In this section, we review issues with HTTP performance and describe how the new SPDY protocol addresses them.
2
388 11th USENIX Symposium on Networked Systems Design and Implementation USENIX Association
266
D. Rossi – RES224
Implementation: SPDY is implemented by adding a
framing layer to the network stack between HTTP and
the transport layer. Unlike HTTP, SPDY splits HTTP
headers and data payloads into two kinds of frames.
SYN_STREAM frames carry request headers and SYN_
REPLY frames carry response headers. When a header
exceeds the frame size, one or more HEADERS frames
will follow. HTTP data payloads are sliced into DATA
frames. There is no standardized value for the frame size,
and we find that mod spdy caps frame size to 4KB [11].
Because frame size is the granularity of multiplexing, too
large a frame decreases the ability to multiplex while too
small a frame increases overhead. SPDY frames are encapsulated in one or more consecutive TCP segments. A
TCP segment can carry multiple SPDY frames, making it
possible to batch up small HTTP requests and responses.
0.6
0.6
0.4
HTTP
0.4
0.2
SPDY
0
HTTP
SPDY
0
0 0.5 1 1.5 2 2.5 3 3.5 4
Page load time (seconds)
(a) The flag page
0 0.5 1 1.5 2 2.5 3 3.5 4
Page load time (seconds)
(b) Twitter home page
Figure 1: Distributions of PLTs of SPDY and HTTP. Performed a thousand runs for each curve without caching.
likely yield different, even conflicting, results, if they use
different experimental settings. Therefore, a comprehensive sweep of the parameter space is necessary to evaluate under what conditions SPDY helps, what kinds of
Web pages benefit most from SPDY, and what parameters best support SPDY.
Second, we observed in our experiments that the measured page load times have high variances, and this often
overwhelms the differences between SPDY and HTTP.
For example, in Figure 1(b), the variance of the PLT for
the Twitter page is 0.5 second but the PLT difference between HTTP and SPDY is only 0.02 second. We observe
high variance even when we load the two pages in a fully
controlled network. This indicates that the variability
likely stems from browser computation (i.e., JavaScript
evaluation and HTML parsing). Controlling this variability is key to reproducing experiments so as to obtain
meaningful comparisons.
Third, prior work has shown that the dependencies between network operations and computation has a significant impact on PLT [25]. Interestingly, page dependencies also influence the scheduling of network traffic and
affects how much SPDY helps or hurts performance (§4
and §5). Thus, on one hand, ignoring browser computations can reduce PLT variability, but on the other hand,
dependencies need to be preserved in order to obtain accurate measurements under realistic offered loads.
Pinning SPDY down
We would like to experimentally evaluate how SPDY
performs relative to HTTP because SPDY is likely to
play a key role in the Web. But, understanding SPDY
performance is hard. Below, we identify three challenges
in studying the performance of SPDY and then provide
an overview of our approach.
3.1
1
0.8
0.2
Deployment: SPDY is deployed over SSL and TCP. On
the client side, SPDY is enabled in Chrome, Firefox,
and IE 11. On the server side, popular websites such
as Google, Facebook, and Twitter have deployed SPDY.
Another popular use of SPDY is between a proxy and a
client, such as the Amazon Silk browser [16] and Android Chrome Beta [2]. SPDY version 3 is the most recent specification and is widely deployed [21].
3
1
0.8
CDF
CDF
header compression since experiments suggest that
HTTP headers for a single session contain duplicate
copies of the same information (e.g., User-Agent).
Challenges
We identify the challenges on the basis of previous studies and our own initial experimentation. As a first step,
we extensively load two Web pages for a thousand times
using a measurement node at the University of Washington. One page displays fifty world flags [12], which
is advertised by mod spdy [11] to demonstrate the performance benefits of SPDY, and the other is the Twitter
home page. The results are depicted in Figure 1.
First, we observe that SPDY helps the flag page but
not the Twitter page, and it is not immediately apparent
as to why that is the case. Further experimentation in emulated settings also revealed that both the magnitude and
the direction of the performance differences vary significantly with network conditions. Taken together, this indicates that SPDY’s performance depends on many factors such as Web page characteristics, network parameters, and TCP settings, and that measurement studies will
3.2 Approach
Our approach is to separate the various factors that affect
SPDY and study them in isolation. This allows us to control and identify the extent to which these factors affect
SPDY.
First, we extensively sweep the parameter space of all
the factors that affect SPDY including RTT, bandwidth,
loss rate, TCP initial window, number of objects on a
page, and object sizes. We initially ignore page load
dependencies and computation in order to simplify our
analysis. This systematic study allows us to identify
when SPDY helps or hurts and characterize the importance of the contributing factors. Based on further analysis of why SPDY sometimes hurts, we propose some
3
USENIX Association 11th USENIX Symposium on Networked Systems Design and Implementation 389
5.4 SPDY (NSDI’14)
Categ
simple modifications to TCP.
Second, before we perform experiments with page
load dependencies, we address the variability caused by
computation. We develop a tool called Epload that emulates the process of a page load. Instead of performing
real browser computation, Epload records the process
of a sample page load, identifies when computations happen, and replays the page load by introducing the appropriate delays associated with the recorded computations.
After emulating a computation activity, Epload performs real network requests to dependent Web objects.
This allows us to control the variability of computation
while also modeling page load dependencies. In contrast to the methodology that statistically reduces variability by obtaining a large amount of data (usually from
production), our methodology mitigates the root cause
of variability and thus largely reduces the amount of required experiments.
Third, we study the effects of dependencies and computation by performing page loads with Epload. We are
then able to identify how much dependencies and computation affect SPDY, and to identify the relative importance of other contributing factors. To mitigate the negative impact of dependencies and computation, we explore the use of prioritization and server push that enable
the client and the server to coordinate the transfers. Here,
we are able to evaluate the extent to which these mechanisms can improve performance when used appropriately.
4
Net
TCP
Page
Range
20ms, 100ms, 200ms
1Mbps, 10Mbps
0, 0.005, 0.01, 0.02
3, 10, 21, 32
100B, 1K, 10K, 100K, 1M
2, 8, 16, 32, 64, 128, 512
High
≥100ms
≥10Mbps
≥ 0.01
≥ 21
≥ 1K
≥ 64
Table 1: Contributing factors to SPDY performance. We
define a threshold for each factor, so that we can classify
a setting as being high or low in our analysis.
3 without SSL which allows us to decode the SPDY
frames in TCP payloads. To control the exact size of
Web objects, we turn off gzip encoding.
Client: Because we issue requests at the granularity
of Web objects and not pages, we do not work with
browsers, and instead develop our own SPDY client by
following the SPDY/3 specification [21]. Unlike other
wget-like SPDY clients such as spdylay [22] that open
a TCP connection per request, our SPDY client allows us
to reuse TCP connections. Similarly, we also develop an
HTTP client for comparison. We set the maximum number of parallel TCP connections for HTTP to six, as used
by all major browsers. As the receive window is autotuned, it is not a bottleneck in our experiments.
Web pages: To experiment with synthetic pages, we create objects with pre-specified sizes and numbers. To
experiment with real pages, we download the home
pages of the Alexa top 200 websites to our own server.
To avoid the negative impact of domain sharding on
SPDY [18], we serve all embedded objects from the same
server including those that are dynamically generated by
JavaScript.
We run the experiments presented in the entire paper
from June to September, 2013. We repeat our experiments five times and present the median to exclude the
effects of random loss. We collect network traces at both
the client and the server. We define page load time (PLT)
as the elapsed time between when the first object is requested and when the last object is received. Because we
do not experiment within a browser, we do not use the
W3C load event [24].
TCP and SPDY
In this section, we extensively study the performance of
SPDY as a transfer protocol on both synthetic and real
pages by ignoring page load dependencies and computation. This allows us to measure SPDY performance without other confounding factors such as browser computation and page load dependencies. Here, SPDY is only
different from HTTP in the use of a single TCP connection, header compression, and a framing layer.
4.1
Factor
rtt
bw
pkt loss
iw
obj size
# of obj
Experimental setup
We conduct the experiments by setting up a client and a
server that can communicate over both HTTP and SPDY.
Both the server and the client are connected to the campus LAN at the University of Washington. We use Dummynet [6] to vary network parameters. Below details the
experimental setup.
4.2 Experimenting with synthetic pages
In experimenting with synthetic pages, we consider a
broad range of parameter settings for the various factors
that affect performance. Table 1 summarizes the parameter space used in our experiments. The RTT values include 20ms (intra-coast), 100ms (inter-coast), and 200ms
(3G link or cross-continent). The bandwidths emulate
a broadband link with 10Mbps [4] and a 3G link with
1Mbps [3]. We inject random packet loss rates from zero
to 2% since studies suggest that Google servers experience a loss rate between 1% and 2% [5]. At the server,
Server: Our server is a 64-bit machine with 2.4GHz 16
core CPU and 16GB memory. It runs Ubuntu 12.04 with
Linux kernel 3.7.5 using the default TCP variant Cubic.
We use a TCP initial window size of ten as the default
setting, as suggested by SPDY best practices [18]. HTTP
and SPDY are enabled on Apache 2.2.2 with the SPDY
module, mod spdy 0.9.3.3-386, installed. We use SPDY
4
390 11th USENIX Symposium on Networked Systems Design and Implementation USENIX Association
D. Rossi – RES224
obj size
large
SPDY
# of obj
large
small
SPDY
RTT
loss
low
high
low
high
BW
BW
large
SPDY
low
low
high
EQUAL
icwnd
EQUAL
small
SPDY RTT
RTT
low
low
high
low
high
RTT
high
high low
HTTP
BW
low
high
EQUAL
HTTP
high
icwnd
EQUAL
2%
5
HTTP
4 SPDY
3
2
1
2
8
16
32
64
128
(b) Object number
high
HTTP better
12
10 HTTP
SPDY
8
6
4
2
0
100Byte
Figure 2: The decision tree that tells when SPDY or
HTTP helps. A leaf pointing to SPDY (HTTP) means
SPDY (HTTP) helps; a leaf pointing to EQUAL means
SPDY and HTTP are comparable. Table 1 shows how we
define a factor being high or low.
1KB
10KB
100KB
(c) Object size
Figure 3: Performance trends for three factors with a
default setting: rtt=200ms, bw=10Mbps, loss=0, iw=10,
obj size=10K, obj number=64.
tions under which SPDY outperforms HTTP (s < 0.9)
and under which HTTP outperforms SPDY (s > 1.1).
The decision tree analysis generates the likelihood that
a configuration works better under SPDY (or HTTP). If
this likelihood is over 0.75, we mark the branch as SPDY
(or HTTP); otherwise, we say that SPDY and HTTP perform equally.
We obtain the decision tree in Figure 2 as follows.
First, we produce a decision tree based on all the factors.
To populate the branches, we also generate supplemental
decision trees based on subsets of factors. Each supplemental decision tree has a prediction accuracy of 84% or
higher. Last, we merge the branches from supplemental
decision trees into the original decision tree.
we vary TCP initial window size from 3 (used by earlier
Linux kernel versions) to 32 (used by Google servers).
We also consider a wide range of Web object sizes (100B
to 1M) and object numbers (2 to 512). For simplicity, we
choose one value for each factor which means that there
is no cross traffic.
When we sweep this large parameter space, we find
that SPDY improves performance under certain conditions, but degrades performance under other conditions.
4.2.1
1%
0
SPDY
SPDY better or equal to HTTP
0.5%
(a) Packet loss rate
large
BW
SPDY EQUAL
SPDY
0
HTTP
EQUAL
high low
7
6 HTTP
5 SPDY
4
3
2
1
0
# of obj
# of obj
small
EQUAL
low
high
PLT (seconds)
loss
low
PLT (seconds)
small
PLT (seconds)
268
When does SPDY help or hurt
There have been many hypotheses as to whether SPDY
helps or hurts based on analytical inference about parallel versus single TCP connections. For example, one
hypothesis is that SPDY hurts because a single TCP connection increases congestion window slower than multiple connections; another hypothesis is that SPDY helps
stragglers because HTTP has to balance its communications across parallel TCP. However, it is unclear
how much hypotheses contribute to SPDY performance.
Here, we sort out the most important findings, meaning
that hypotheses that are shown here contribute more to
SPDY performance than those that are not shown.
Results: The decision tree shows that SPDY hurts when
packet loss is high. However, SPDY helps under a number of conditions, for example, when there are:
• Many small objects, or small objects under low loss.
• Many large objects under low loss.
• Few objects under good network conditions and a
large TCP initial window.
The decision tree also depicts the relative importance
of contributing factors. Intuitively, factors close to the
root of the decision tree affect SPDY performance more
than those near the leaves. This is because the decision
tree places the important factors near the root to reduce
the number of branches. We find that object size and loss
rate are the most important factors in predicting SPDY
performance. However, RTT, bandwidth, and TCP initial
window play a less important role.
Methodology: To understand the conditions under
which SPDY helps or hurts, we build a predictive model
based on decision tree analysis. In the analysis, each configuration is a combination of values for all factors listed
in Table 1. For each configuration, we add an additional
variable s, which is the PLT of SPDY divided by that of
HTTP. We run the decision tree to predict the configura5
USENIX Association 11th USENIX Symposium on Networked Systems Design and Implementation 391
5.4 SPDY (NSDI’14)
CDF
CDF
0.9
0.85
1
0.8
0.6
0.4
0.2
0
CDF
1
0.95
0
0.8
50
100
150
# objects
1
0.8
0.6
0.4
0.2
0
200
0
50
100
150
# objects
200
HTTP
0.75
(a) # of objects
SPDY w/ TCP
(b) # of objects < 1.5KB
0.7
50
100
# of retransmits
150
200
CDF
Figure 4: SPDY reduces the number of retransmissions.
How much SPDY helps or hurts: We present three
trending graphs in Figure 3. Figure 3(a) shows that
HTTP outperforms SPDY by half when loss rate increases to 2%, Figure 3(b) shows the trend that SPDY
performs better as the number of objects increases, and
Figure 3(c) shows the trend that SPDY performs worse
as the object size increases. We publish the results,
trends, and network traces at http://wprof.cs.
washington.edu/spdy/.
4.2.2
1
0.8
0.6
0.4
0.2
0
CDF
0
0
500 1000 1500
Page size (KB)
(c) Page size (KB)
2000
1
0.8
0.6
0.4
0.2
0
0
20 40 60 80 100
Average object size (KB)
(d) Mean object size (KB)
Figure 5: Characteristics of top 200 Alexa Web pages.
aggressively reduces the congestion window compared
to HTTP which reduces the congestion window on only
one of its parallel connections.
4.3 Experimenting with real pages
Why does SPDY help or hurt
In this section, we study the effects of varying object
sizes and number of objects based on the distributions
observed in real Web pages. We continue to vary other
factors such as network conditions and TCP settings
based on the parameter space described in Table 1. Due
to space limit, we only show results under a 10Mbps
bandwidth.
First, we examine the page characteristics of real
pages because they can explain why SPDY helps or hurts
when we relate them to the decision tree. Figure 5 shows
the characteristics of the top 200 Alexa Web pages [1].
The median number of objects is 30 and the median page
size is 750KB. We find high variability in the size of objects within a page. The standard deviation of the object
size within a page is 31KB (median), even more than the
average object size 17KB (median).
Figure 6 shows PLT of SPDY divided by that of HTTP
across the 200 Web pages. It suggests that SPDY helps
on 70% of the pages consistently across network conditions. Interestingly, SPDY shows a 2x speedup over
half of the pages, likely due to the following reasons.
First, SPDY almost eliminates retransmissions (as indicated in Figure 7). Compared to a similar analysis for artificial pages (see Figure 4), SPDY’s retransmission rate
is even lower. Second, we find in Figure 5(b) that 80% of
the pages have small objects, and that half of the pages
have more than ten small objects. Since SPDY helps
with small objects (based on the decision tree analysis),
it is not surprising that SPDY has lower PLT for this set
of experiments. In addition, we hypothesize that SPDY
could help with stragglers since it multiplexes all objects
on to a single connection and thus reduces the dynamics of congestion windows. To check this hypothesis, we
ran a set of experiments with overall page size and the
While the decision tree informs the conditions under
which SPDY helps or hurts, it does not explain why. To
this end, we analyze the network traces we collected to
explain SPDY performance. We discuss below our findings.
SPDY helps on small objects. Our traces suggest that
TCP implements congestion control by counting outstanding packets not bytes. Thus, sending a few small
objects with HTTP will promptly use up the congestion window, though outstanding bytes are far below the
window limit. In contrast, SPDY batches small objects
and thus eliminates this problem. This explains why the
flag page [12], which mod spdy advertised, benefits from
SPDY.
SPDY benefits from having a single connection. We
find several reasons as to why SPDY benefits from a single TCP connection. First, a single connection results in
fewer retransmissions. Figure 4 shows the retransmissions in SPDY and HTTP across all configurations except those with zero injected loss. SPDY helps because
packet loss occurs more often when concurrent TCP connections are competing with each other. There are additional explanations for why SPDY benefits from using a
single connection. In our previous study [25], our experiments showed that SPDY significantly reduced the contribution of the TCP connection setup time to the critical
path of a page download. Further, our experiments in §5
will show that a single pipe reduces the amount of time
the pipe is idle due to delayed client requests.
SPDY degrades under high loss due to the use of a
single pipe. We discussed above that a single TCP connection helps under several conditions. However, a single connection hurts under high packet loss because it
6
392 11th USENIX Symposium on Networked Systems Design and Implementation USENIX Association
D. Rossi – RES224
1
1
0.8
0.8
0.6
0.6
CDF
CDF
270
0.4
2% loss;TCP+
2% loss;TCP
0
0
0
0.5
1
1.5
PLT of SPDY divided by PLT of HTTP
0
2
1
0.8
1
0.6
0.9
0.4
0.8
CDF
CDF
0.5
1
1.5
PLT of SPDY divided by PLT of HTTP
0 loss;TCP
0.7
HTTP
2% loss;TCP
SPDY w/ TCP
0.6
0
0
0.5
1
1.5
PLT of SPDY divided by PLT of HTTP
SPDY w/ TCP+
2
0.5
0
(b) rtt=200ms, bw=10Mbps
1
CDF
0.8
0.7
HTTP
SPDY w/ TCP
0.5
20
40
60
80
100
# of retransmits
120
140
Figure 7: SPDY helps reduce retransmissions.
number of objects drawn from the real pages, but with
equal object sizes embedded inside the pages. When we
perform this experiment, HTTP’s performance improves
only marginally indicating that there is very little straggler effect.
4.4
40
60
80
100
# of retransmits
120
140
nections. Third, when packet loss occurs, the congestion
window (cwnd) backs off with a rate β = 1 − (1 − β)/n
where β is the original backoff rate. In practice, the number of concurrent connections changes over time. Because we are unable to pass this value to the Linux kernel
in real time, we assume that HTTP uses six connections
and set n = 6. We use six here because it is found optimal and used by major browsers [17].
We perform the same set of SPDY experiments with
both synthetic and real pages using TCP+. Figure 8
shows that SPDY performs better with TCP+, and the decision tree analysis for TCP+ suggests that loss rate is no
longer a key factor that determines SPDY performance.
To evaluate the potential side effects of TCP+, we look
at the number of retransmissions produced by TCP+.
Figure 9 shows that SPDY still produces much fewer
retransmissions with TCP+ than with HTTP, meaning
that TCP+ does not abuse the congestion window under the conditions that we experimented with. Here, we
aim to demonstrate that SPDY’s negative impact under
high random loss can be mitigated by tuning the congestion window. Because the loss patterns in real networks
are likely more complex, a solution for real networks
requires further consideration and extensive evaluations
and is out of the scope of this paper.
0.9
0
20
Figure 9: With TCP+, SPDY still produces few retransmissions.
Figure 6: SPDY performance across 200 pages with object sizes and numbers of objects drawn from real pages.
SPDY helps more under a 1Mbps bandwidth.
0.6
2
Figure 8: TCP+ helps SPDY across the 200 pages.
RTT=20ms, BW=10Mbps. Results on other network settings are similar.
(a) rtt=20ms, bw=10Mbps
0.2
2% loss;TCP
0.2
0 loss;TCP
0.2
0.4
TCP modifications
Previously, we found that SPDY hurts mainly under high
packet loss because a single TCP connection reduces the
congestion window more aggressively than HTTP’s parallel connections. Here, we demonstrate that the negative
impact can be mitigated by simple TCP modifications.
Our modification (a.k.a., TCP+) mimics behaviors of
concurrent connections with a single connection. Let the
number of parallel TCP connections be n. First, we propose to multiply the initial window by n to reduce the effect of slow start. Second, we suggest scaling the receive
window by n to ensure that the SPDY connection has the
same amount of receive buffer as HTTP’s parallel con-
5
Web pages and SPDY
This section examines how SPDY performs for real Web
pages. Real page loads incur dependencies and computation that may affect SPDY’s performance. To incorporate dependencies and computation while controlling
variability, we develop a page load emulator Epload
7
USENIX Association 11th USENIX Symposium on Networked Systems Design and Implementation 393
5.4 SPDY (NSDI’14)
Parse css tag
Parse js tag
Parse img
g tag
g
Parse js tag
1
HTML
0.8
CSS
CDF
0.6
JS1
0.4
Image
Chrome
0.2
JS2
Epload
0
Start
Network activity
Elapsed Time
Computation activity
0
Page load
1
1.5
Page load time (seconds)
2
Figure 11: Page loads using Chrome v.s. Epload.
De
Dependency
Figure 10: A dependency graph obtained from WProf.
do not occur deterministically and significantly, we exclude them here.
Using the recorded dependency graph, Epload replays the page load process as follows. First, Epload
starts the activity that loads the root HTML. When the
activity is finished, Epload checks whether it should
trigger a dependent activity based on whether all activities that the dependent activity depends on are finished.
For example in Figure 10, the dependent activity is parsing the HTML, and it should be triggered. Next, it starts
the activity that parses the HTML. Instead of performing
HTML parsing, it waits for the same amount of time that
parsing takes (based on the recorded information) and
checks dependent activities upon completion. This proceeds until all activities are finished. The actual replay
process is more complex because a dependent activity
can start before an activity is fully completed. For example, parsing an HTML starts after the first chunk of the
HTTP response is received; and loading the CSS starts
after the first chunk of HTML is fully parsed. Epload
models all of these aspects of a page load.
that hides the complexity and variations in browser computation while performing authentic network requests
(§5.1). We use Epload to identify the effect of page
load dependencies and computation on SPDY’s performance (§5.2). We further study SPDY’s potential by examining prioritization and server push (§5.3).
5.1
0.5
Epload: emulating page loads
Web objects in a page are usually not loaded at the same
time, because loading an object can depend on loading
or evaluating other objects. Therefore, not only network
conditions, but also page load dependencies and browser
computation, affect page load times. To study how much
SPDY helps the overall page load time, we need to evaluate SPDY’s performance by preserving dependencies and
computation of real page loads.
Dependencies and computation are naturally preserved by loading pages in real browsers. However, this
procedure incurs high variances in page load times that
stem from both network conditions and browser computation. We have conducted controlled experiments to
control the variability of network, and here introduce the
Epload emulator to control the variability of computation.
Implementation: Epload recorder is implemented
based on WProf to generate a dependency graph that
specifies activities and their dependencies. Epload
records the computational delays while performing the
page load in the browser, whereas the network delays are
realized independently for each replay run. We implement Epload replayer using node.js. The output from
Epload replayer is a series of throttled HTTP or SPDY
requests to perform a page load. The Epload code
is available at http://wprof.cs.washington.
edu/spdy/.
Design: The key idea of Epload is to decouple network
operations and computation in page loads. This allows
Epload to simplify computation while scheduling network requests at the appropriate points during the page
load.
Epload records the process of a page load by capturing the dependency graph using our previous work,
WProf [25]. WProf captures the dependency and timing
information of a page load. Figure 10 shows an example
of a dependency graph obtained from WProf where activities depend on each other. This Web page embeds a
CSS, a JavaScript, an image, and another JavaScript. A
bar represents an activity (i.e., loading objects, evaluating CSS and JavaScript, parsing HTML) while an arrow
represents that one activity depends on another. For example, evaluating JS1 depends on both loading JS1 and
evaluating CSS. Therefore, evaluating JS1 can only start
after the other two activities complete. There are other
dependencies such as layout and painting. Because they
Evaluation: We validate that Epload controls the variability of computation. We compare the differences of
two runs across 200 pages loaded by Epload and by
Chrome. The network is tuned to a 20ms RTT, a 10Mbps
bandwidth, and zero loss. Figure 11 shows that Epload
produces at most 5% differences for over 80% of pages
which is a 90% reduction compared to Chrome.
5.2
Effects of dependencies and computation
We use Epload to measure the impact of dependencies
and computation. We set up experiments as follows. The
Epload recorder uses a WProf-instrumented Chrome to
8
394 11th USENIX Symposium on Networked Systems Design and Implementation USENIX Association
272
D. Rossi – RES224
1
1
0.8
0.8
0.6
CDF
CDF
0.6
0 loss;TCP
0.4
0 loss;TCP
0.4
0 loss;TCP+
0 loss;TCP+
2% loss;TCP
0.2
2% loss;TCP
0.2
2% loss;TCP+
2% loss;TCP+
0
0
0
0.5
1
1.5
PLT of SPDY divided by PLT of HTTP
2
0
0.5
1
1.5
PLT of SPDY divided by PLT of HTTP
(a) rtt=20ms, bw=1Mbps
(b) rtt=200ms, bw=1Mbps
1
1
0.8
0.8
0.6
CDF
0.6
CDF
2
0 loss;TCP
0.4
0 loss;TCP
0.4
0 loss;TCP+
0 loss;TCP+
2% loss;TCP
0.2
2% loss;TCP
0.2
2% loss;TCP+
2% loss;TCP+
0
0
0
0.5
1
1.5
PLT of SPDY divided by PLT of HTTP
2
0
0.5
1
1.5
PLT of SPDY divided by PLT of HTTP
(c) rtt=20ms, bw=10Mbps
2
(d) rtt=200ms, bw=10Mbps
Figure 12: SPDY performance using emulated page loads. Compared to Figure 6, it suggests that dependencies and
computation reduce the impact of SPDY and that RTT and bandwidth become more important.
obtain the dependency graphs of the top 200 Alexa Web
pages [1]. Epload runs on a Mac with 2GHz dual core
CPU and 4GB memory. We vary other factors based on
the parameter space described in Table 1. Due to space
limit, we only show figures under a 10Mbps bandwidth.
1
0.8
CDF
0.6
0.4
HTTP
0.2
Figure 12 shows the performance of SPDY versus
HTTP after incorporating dependencies and computation. Compared to Figure 6, dependencies and computation largely reduce the amount that SPDY helps or
hurts. We make the following observations along with
supporting evidence. First, computation and dependencies increase PLTs of both HTTP and SPDY, reducing
the network load. Second, SPDY reduces the amount of
time a connection is idle, lowering the possibility of slow
start (see Figure 13). Third, dependencies help HTTP by
making traffic less bursty, resulting in fewer retransmissions (see Figure 14). Fourth, having fewer outstanding
objects diminishes SPDY’s gains, because SPDY helps
more when there are a large number of outstanding objects (as suggested by the decision tree in Figure 2).
Here, we see that dependencies and computation reduce
and can easily nullify the benefits of SPDY, implying
that speeding up computation or breaking dependencies
might be necessary to improve the PLT using SPDY.
SPDY
0
0
0.2
0.4
0.6
% of idle RTTs
0.8
1
Figure 13: Fractions of RTTs when a TCP connection is
idle. Experimented under 2% loss rate.
amount of impact that computation has on SPDY. This
explains why SPDY provides minimal improvements under good network conditions (see Figure 12(c)).
To identify the impact of computation, we scale the
time spent in each computation activity by factors of 0,
0.5, and 2. Figure 15 shows the performance of SPDY
versus HTTP, both with scaled computation and under
high bandwidths, suggesting that speeding up computation increases the impact of SPDY. Surprisingly, speeding up computation to the extreme is sometimes no better
than a x2 speedup. This is because computation delays
the requesting of dependent objects which allows for previously requested objects to be loaded faster, and therefore possibly lowers the PLT.
Interestingly, we find that RTT and bandwidth now
play a more important role in the performance of SPDY.
For example, Figure 12 shows that SPDY helps up to
80% of the pages under low bandwidths, but only 55%
of the pages under high bandwidths. This is because RTT
and bandwidth determine the amount of time page loads
spend in network relative to computation, and further the
5.3 Advancing SPDY
SPDY provides two mechanisms, i) prioritization and ii)
server push, to mitigate the negative effects of dependencies and computation of real page loads. However, little
is known about how to better use the mechanisms. In this
section, we explore advanced policies to speed up page
9
USENIX Association 11th USENIX Symposium on Networked Systems Design and Implementation 395
5.4 SPDY (NSDI’14)
WProf dependency graph
CDF
1
0.9
H
0.8
C
0.7
J1
0.6
w/o dep. & comp.
I1
w/ dep. & comp.
J2
Object dependency graph
d:4
H
H
d:3
C
C
J1
J1
d:1
I1
J2 d:2
J2
d:3
0.5
0
20
40
60
80
100
# of retransmits
120
I2
140
Figure 14: SPDY helps reduce retransmissions.
Network activity
1
0.6
Computation activity
De
Dependency
PLT_w/_priority / PLT_w/o_priority
x1
0.2
x2
0
0
0.5
1
1.5
PLT of SPDY divided by PLT of HTTP
2
Figure 15: Results by varying computation when
bw=10Mbps, rtt=200ms.
1.4
1.2
chrome-priority
dependendy-priority
1
0.8
0.6
0.4
0.2
0
10th
loads using these mechanisms.
50th
90th
(a) rtt=20ms, bw=10Mbps
PLT_w/_priority / PLT_w/o_priority
x0
0.4
x 0.5
5.3.1
d:1
Figure 16: Converting WProf dependency graph to an
object-based graph. Calculating a depth to each object in
the object-based graph.
0.8
CDF
I2
Elapsed Time
1.4
1.2
chrome-priority
dependendy-priority
1
0.8
0.6
0.4
0.2
0
10th
50th
90th
(b) rtt=200ms, bw=10Mbps
Figure 17: Results of priority (zero packet loss) when
bw=10Mbps. bw=1Mbps results are similar to (b).
Basis of advancing
To better schedule objects, both prioritization and server
push provide mechanisms to specify the importance for
each object. Thus, the key issue is to identify the importance of objects in an automatic manner. To highlight
the benefits, we leverage the dependency information obtained from a previous load of the same page. This information gives us ground truth as to which objects are critical for reducing PLT. For example, in Figure 10, all the
activities depend on loading the HTML, making HTML
the most important object; but no activity depends on
loading the image, suggesting that the image is not an
important object.
To quantify the importance of an object, we first look
at the time required to finish the page load starting from
the load of this object. We denote this as time to finish
(TTF). In Figure 10, TTF of the image is simply the time
to load the image alone, while TTF of JS2 is the time
to both load and evaluate it. Because TTF of the image
is longer than TTF of JS2, this image is more important
than JS2. Unfortunately in practice, it is not clear as to
how long it would take to load an object, before we make
the decision to prioritize or push it.
Therefore, we simplify the definition of importance.
First, we convert the activity-based dependency graph to
an object-based graph by eliminating computation while
preserving dependencies (Figure 16). Second, we calculate the longest path from each object to the leaf objects;
this process is equivalent to calculating node depths of a
directed acyclic graph. Figure 16 (right) shows an example of assigned depths. Note that the depth here equals
TTF if we ignore computation and suppose that the load
of each object takes the same amount of time.
We use this depth information to prioritize and push
objects. This implies that the browser or the server
should know this beforehand. We provide a tool to let
Web developers measure the depth information for objects transported by their pages.
5.3.2 Prioritization
SPDY/3 allows eight priority levels for clients to
use when requesting objects. SPDY best practices
website [18] recommends prioritizing HTML over
CSS/JavaScript and CSS/JS over the rest (chromepriority). Our priority levels are obtained by linearly mapping the depth information computed above
(dependency-priority).
We compare the two prioritization policies to baseline
SPDY in Figure 17. Interestingly, we find that there is
almost no benefit by using chrome-priority while
dependency-policy marginally helps under a 20ms
RTT. The impact of explicit prioritization is minimal because the dependency graph has already implicitly prioritized objects. Implicit prioritization results from browser
policies, independent of Web pages themselves. For example in Figure 10, all other objects cannot be loaded
before HTML; Image and JS2 cannot be loaded before
CSS and JS1. As dependencies limit the impact of SPDY,
prioritization cannot break dependencies, and thus is unlikely to improve SPDY’s PLT.
10
396 11th USENIX Symposium on Networked Systems Design and Implementation USENIX Association
274
D. Rossi – RES224
1
1
1
0.8
0.8
0.8
By embedding
0.4
By dependency
0.6
CDF
0.6
Push all
CDF
CDF
0.6
0.4
0.4
By dependency
0.2
0.2
0
0
By dependency
By embedding
By embedding
0.2
Push all
0
0.2
0.4
0.6
% of pushed bytes
(a) Pushed bytes
0.8
1
Push all
0
0
0.5
1
1.5
PLT w/ server push divided by SPDY PLT
2
(b) rtt=20ms, bw=10Mbps
0
0.5
1
1.5
PLT w/ server push divided by SPDY PLT
2
(c) rtt=200ms, bw=10Mbps
Figure 18: Results of server push when bw=10Mbps.
5.3.3
Server push
1
SPDY allows servers to push objects to save round trips.
However, server push is non-trivial because there is a tension between making page loads faster and wasting bandwidth. Particularly, one should not overuse server push
if pushed objects are already cached. Thus, the key goal
is to speed up page loads while keeping the cost low.
We find no standard or best practices guidance from
Google on how to do server push. Mod spdy can be configured to push up to an embedding level, which is defined as follows: the root HTML page is at embedding
level 0; objects at embedding level i are those whose
URLs are embedded in objects at embedding level i − 1.
An alternative policy is to push based on the depth information.
Figure 18 shows server push performance (i.e., push
all objects, one embedding level, and one dependency
level) compared to baseline SPDY. We find that server
push helps, especially under high RTT. We also find that
pushing by dependency incurs comparable speedups to
pushing by embedding, while benefiting from a 80% reduction in pushed bytes (Figure 18(a)). Note that server
push does not always help because pushed objects share
bandwidth with more important objects. In contrast to
prioritization, server push can help because it breaks dependencies which limits the performance gains of SPDY.
5.4
0.8
CDF
0.6
None
TCP+
0.2
TCP+; push
0
0
0.5
1
1.5
PLT of SPDY divided by PLT of HTTP
2
(a) rtt=20ms, bw=10Mbps
1
0.8
CDF
0.6
0.4
None
TCP+
0.2
TCP+; push
0
0
0.5
1
1.5
PLT of SPDY divided by PLT of HTTP
2
(b) rtt=200ms, bw=10Mbps
Figure 19: Put all together when bw=10Mbps.
1
0.8
CDF
0.6
0.4
No sharding
By domain
0.2
Putting it all together
By TLD
0
We now pool together the various enhancements (i.e.,
TCP+ and server push by one dependency level). Figure 19 shows that this improves SPDY by 30% under
high RTTs. But this improvement largely diminishes under low RTTs where computation dominates page load
times.
6
0.4
0
0.5
1
1.5
PLT of SPDY divided by PLT of HTTP
2
Figure 20: Results of domain shading when bw=10Mbps
and rtt=20ms.
143Mbps) and loss rates are extremely low. These network parameters well explain our SPDY evaluations in
the wild (not shown due to space limit) that are similar to synthetic ones under high bandwidths and low loss
rates. The evaluations here are preliminary and covering
a complete set of scenarios would be future work.
Discussions
SPDY in the wild: To evaluate SPDY in the wild,
we place clients at Virginia (US-East), North California (US-West), and Ireland (Europe) using Amazon EC2
micro-instances. We add explanatory power by periodically probing network parameters between clients and
the server, and find that RTTs are consistent: 22ms
(US-East), 71ms (US-West), and 168ms (Europe). For
all vantage points, bandwidths are high (10Mbps to
Domain sharding: As suggested by SPDY best practices [18], we used a single connection to fetch all the
objects of a page to eliminate the negative impact of domain sharing. In practice, migrating objects to one domain suffers from deployment issues given popular uses
of third parties (e.g., CDNs, Ads, and Analytics). To this
11
USENIX Association 11th USENIX Symposium on Networked Systems Design and Implementation 397
5.4 SPDY (NSDI’14)
end, we evaluate situations when objects are distributed
to multiple servers that cooperatively use SPDY. We distribute objects by full domain to represent the state-ofthe-art of domain sharding. We also distribute objects by
top-level domain (TLD). This demonstrates the situation
when websites have eliminated domain sharding but still
use third-party services. Figure 20 compares SPDY performance under these object distributions. We find that
domain sharding hurts as expected but hosting objects by
TLD is comparable to using one connection, suggesting
that SPDY’s performance does not degrade much when
some portions of the page are provided by third-party services.
SPDY, but the other studies show that SPDY helps only
marginally. While providing invaluable measurements,
these studies look at a limited parameter space. Studies
by Microsoft [14] and Cable Labs [19] only measured
single Web pages and the other studies consider only a
limited set of network conditions. Our study extensively
swept the parameter space including network parameters, TCP settings, and Web page characteristics. We are
the first to isolate the effect of dependencies, which are
found to limit the impact of SPDY.
TCP enhancements for the Web: Google have proposed and deployed several TCP enhancements to make
the Web faster. TCP fast open eliminates the TCP connection setup time by sending application data in the
SYN packet [15]. Proportional rate reduction smoothly
backs off congestion window to transmit more data under packet loss [5]. Tail loss probe [23] and other
measurement-driven enhancements described in [8] mitigated or eliminated loss recovery by retransmission timeout. Our TCP modifications are specific to SPDY and are
orthogonal to Google’s proposals.
SSL: SSL adds overhead to page loads which can degrade the impact of SPDY, but it keeps the handshake
overhead low by using a single connection. We conduct
our experiments using SSL and find that the overhead of
SSL is too small to affect SPDY’s performance.
Mobile: We perform a small set of SPDY measurements
under mobile environments. We assume large RTTs, low
bandwidths, high losses, and large computational delays,
as suggested by related literature [3, 26]. Results with
simulated slow networks suggest that SPDY helps more
but also hurts more. It also shows that prioritization and
server push by dependency help less (not shown due to
space limit). However, large computational delays on
mobile devices reduce the benefits provided by SPDY.
This means that the benefits of SPDY under mobile scenarios depends on the relative changes in performance
of the network and computation. Further studies on real
mobile devices and networks would advance the understanding in this space.
Advanced SPDY mechanisms: There are no recommended policies on how to use the server push mechanism. We find that mod spdy [11] implements server
push by embedding levels. However, we find that this
push policy wastes bandwidths. We provide a server
push policy based on dependency levels that performs
comparably to mod spdy’s while pushing 80% less data.
8 Conclusion
Our experiments and prior work show that SPDY can either help or sometimes hurt the load times of real Web
pages by browsers compared to using HTTP. To learn
which factors lead to performance improvements, we
start with simple, synthetic page loads and progressively
add key features of the real page load process. We find
that most of the performance impact of SPDY comes
from its use of a single TCP connection: when there is
little network loss a single connection tends to perform
well, but when there is high loss a set of connections tend
to perform better. However, the benefits from a single
TCP connection can be easily overwhelmed by dependencies in real Web pages and browser computation. We
conclude that further benefits in PLT will require changes
to restructure the page load process, such as the server
push feature of SPDY, as well as careful configuration at
the TCP level to ensure good network performance.
Limitations: Our work does not consider a number of
aspects. First, we did not evaluate the effects of header
compression because it is not expected to provide significant benefits. Second, we did not evaluate dynamic
pages which take more time in server processing. Similar to browser computation, server processing will likely
reduce the impact of SPDY. Last, we are unable to evaluate SPDY under production servers where network is
heavily used.
7
Related Work
SPDY studies: Erman et al. [7] studied SPDY in the
wild on 20 Web pages by using cellular connections and
SPDY proxies. They found that SPDY performed poorly
while interacting with radios due to a large body of unnecessary retransmissions. We used more reliable connections, enabled SPDY on servers, and swept a more
complete parameter space. Other SPDY studies include
the SPDY white paper [20] and measurements by Microsoft [14], Akamai [13], and Cable Labs [19]. The
SPDY white paper shows a 27% to 60% speedup for
Acknowledgements
We thank Will Chan, Yu-Chung Cheng, and Roberto
Peon from Google, our shepherd, Sanjay Rao, and the
anonymous reviewers for their feedback. We thank
Ruhui Yan for helping analyze packet traces.
12
398 11th USENIX Symposium on Networked Systems Design and Implementation USENIX Association
276
D. Rossi – RES224
References
[14] J. Padhye and H. F. Nielsen. A comparison of
SPDY and HTTP performance. In MSR-TR-2012102.
[1] Alexa - The Web Information Company.
http://www.alexa.com/topsites/
countries/US.
[15] S. Radhakrishnan, Y. Cheng, J. Chu, A. Jain, and
B. Raghavan. TCP Fast Open. In Proc. of the International Conference on emerging Networking EXperiments and Technologies (CoNEXT), 2011.
[2] Data compression in chrome beta for android.
http://blog.chromium.org/2013/03/
data-compression-in-chrome-betafor.html.
[16] Amazon silk browser. http://amazonsilk.
wordpress.com/.
[3] A. Balasubramanian,
R. Mahajan,
and
A. Venkataramani.
Augmenting Mobile 3G
Using WiFi. In Proc. of the international conference on Mobile systems, applications, and services
(Mobisys), 2010.
[4] National Broadband Map.
broadbandmap.gov/.
[17] Chapter 11. HTTP 1.X.
http://
chimera.labs.oreilly.com/books/
1230000000545/ch11.html.
[18] SPDY best practices.
http://dev.
chromium.org/spdy/spdy-bestpractices.
http://www.
[19] Analysis of SPDY and TCP Initcwnd.
http://tools.ietf.org/html/draftwhite-httpbis-spdy-analysis-00.
[5] N. Dukkipati, M. Mathis, Y. Cheng, and
M. Ghobadi. Proportional Rate Reduction for TCP.
In Proc. of the SIGCOMM conference on Internet
Measurement Conference (IMC), 2011.
[20] SPDY whitepaper. http://www.chromium.
org/spdy/spdy-whitepaper.
[6] Dummynet. http://info.iet.unipi.it/
˜luigi/dummynet/.
[21] SPDY protocol–Draft 3.
http://www.
chromium.org/spdy/spdy-protocol/
spdy-protocol-draft3.
[7] J. Erman, V. Gopalakrishnan, R. Jana, and K. Ramakrishnan. Towards a SPDYier Mobile Web? In
Proc. of the International Conference on emerging Networking EXperiments and Technologies
(CoNEXT), 2013.
[22] Spdylay - SPDY C Library. https://github.
com/tatsuhiro-t/spdylay.
[23] Tail Loss Probe (TLP): An Algorithm for
Fast Recovery of Tail Losses.
http:
//tools.ietf.org/html/draftdukkipati-tcpm-tcp-loss-probe-01.
[8] T. Flach, N. Dukkipati, A. Terzis, B. Raghavan,
N. Cardwell, Y. Cheng, A. Jain, S. Hao, E. KatzBassett, and R. Govindan. Reducing Web Latency:
the Virtue of Gentle Aggression. In Proc. of the
ACM Sigcomm, 2013.
[24] W3C DOM Level 3 Events Specification.
http://www.w3.org/TR/DOM-Level3-Events/.
[9] T. J. Hacker, B. D. Noble, and B. D. Athey. The
Effects of Systemic Packet Loss on Aggregate TCP
Flows . In Proc. of IEEE Iternational Parallel and
Distributed Processing Symposium (IPDPS), 2002.
[25] X. S. Wang, A. Balasubramanian, A. Krishnamurthy, and D. Wetherall. Demystifying page load
performance with WProf. In Proc. of the USENIX
conference on Networked Systems Design and Implementation (NSDI), 2013.
[10] HTTP/2.0 Draft Specifications.
https://
github.com/http2/http2-spec.
[26] X. S. Wang, H. Shen, and D. Wetherall. Accelerating the Mobile Web with Selective Offloading. In
Proc. of the ACM Sigcomm Workshop on Mobile
Cloud Computing (MCC), 2013.
[11] mod spdy. https://code.google.com/p/
mod-spdy/.
[12] World Flags mod spdy Demo. https://www.
modspdy.com/world-flags/.
[13] Not as SPDY as you thought.
http:
//www.guypo.com/technical/notas-spdy-as-you-thought/.
13
USENIX Association 11th USENIX Symposium on Networked Systems Design and Implementation 399
Example de contrôle de connaissances (CC)
277
6 Example de contrôle de connaissances (CC)
Remarque. Pendant la periode du contrôle annexé comme example, les lectures obligatoires étaient les
suivantes. Les questions QCM concernant les LO ne sont donc pas forcement pertinents pour la periode
courante et sont donnée á titre indicatif.
• Alckok, R. Nelson, “Application flow control in YouTube video streams,” ACM SIGCOMM CCR
Vol. 41, No. 2, April 2011
• A. Finamore et al. “YouTube everywhere: Impact of Device and Infrastructure Synergies on User
Experience,” ACM IMC’11, Nov 2011
• P. Marciniak et al., “Small is not always beautiful,” USENIX IPTPS’08, Tampa Bay, FL, Feb 2008
• A. Legout et al., “Clustering and sharing incentives in BitTorrent,” ACM SIGMETRICS’07, San
Diego CA, Jun 2007
278
D. Rossi – RES224
Examen de RES224
25/11/2011
Prénom
Cycle/ID
Nom
QCM No.
43
Instructions :
– Sans documents ni instrument electroniques (e.g., calculette, iPhone, etc.).
– Tous les informations nécessaires à la resolution de cet exam vous sont fournis dans le texte : à l’occurrence,
une table des codes ASCII et les entetes des protocoles peut se trouver à la fin du questionnaire (au cas
où cela puisse se rendre utile à la resolution des exercices).
– Il est nécessaire de rendre toutes les feuilles.
– Veillez à compléter vos données personnelles (e.g., prénom, nom, ID, etc.) dans l’espace approprié en haut
de cette page et dans la pages des exercices.
– Cet examen se compose de question choix multiples sur le contenu du cours (QCM, environ 2/3 de la note
d’examen) et d’exercices ou question ouvertes ou QCM sur les lectures obligatoires (environ 1/3 de la note
d’examen).
– Chaque question QCM a une seule bonne reponse (à noter que certaines réponses du QCM peuvent avoir
un poids négatif ).
– Réportez impérativement au plus une réponse par question du QCM dans la table en bas utilisant des LETTRES MAJUSCULES (seules les réponses reportées dans la table de la première page seront comptées).
Question
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
Réponse
Question
Réponse
Question 1. Lequel parmi les protocoles suivants fonctionne normalement en modalité “PUSH” ?
A) User Datagram Protocol
B) Post-Office Protocol
C) Hyper-Text Transfer Protocol
D) Simple Mail Transfer Protocol
Question 2. Le protocole HTTP :
A) verifie toujours que le code HTML des pages qu’il transporte soit conforme aux normes W3C
B) ne verifie jamais si le code HTML des pages qu’il transporte est conforme aux normes W3C
C) le coté serveur de HTTP est capable de verifier que le code HTML des pages qu’il envoye est conforme aux
normes W3C, pourvu que cette option soit specifié en debut de requete
D) le coté client de HTTP est capable de verifier que le code HTML des pages recues est conforme aux normes
W3C, pourvu que cette option soit specifié en debut de reponse
Question 3. Dans un système P2P comme BitTorrent, le fichier à partager est initialement servi par un seul
“seed” (qui est aussi appellé “source”). Les auteurs de [1] étudient les variations du temps de complètement du
système en fonction du taux d’upload US du premier “seed” en le mettant en relation avec le taux de download
DL des “leechers” (les autres paires intéressés à la ressource). Quelle est la condition nécessaire indiquée dans
[1] afin que le partage du fichier soit efficace ?
1
6.1 Enoncé du 25/11/2011
[1] A. Legout et al., “Clustering and sharing incentives in BitTorrent,” ACM SIGMETRICS, San Diego CA,
Jun 2007.
A) US ≥ DL
B) US > 10DL
C) DL > 10US
D) DL > US
Question 4. Le protocole DNS :
A) n’utilise que le protocole UDP
B) n’utilise le protocole TCP que si le serveur secondaire est en panne
C) utilise le protocole TCP uniquement pour la procedure de transfer de zone
D) peut utiliser le protocole TCP en fonction de la taille de la reponse
Question 5. Par méthode expérimentale, les auteurs de [1] analysent les performance de BitTorrent. Quel
est le phénomène du “clustering” observé en [1], et quel sont ses conséquences ?
[1] A. Legout et al., “Clustering and sharing incentives in BitTorrent,” ACM SIGMETRICS, San Diego CA,
Jun 2007.
A) le “clustering” est le phénomène pour lequel, dans un système hétérogène avec paires ayant différent taux
d’upload, l’algorithme de choix des paires (i.e., choking) favorise les échanges entre paires ayant de taux
d’upload similaires ; par conséquent, le temps de complètement du fichier se stratifient en fonction du taux
d’upload où les paires ayant le taux d’upload les plus élevés obtiennent les temps de complètement les
plus courts
B) le “clustering” est le phénomène pour lequel, dans un système hétérogène avec paires ayant différent taux
d’upload, l’algorithme de choix des paires (i.e., choking) favorise les échanges entre paires ayant de taux d’upload différents ; par conséquent, le temps de complètement du fichier s’égalisent indifféremment du taux
d’upload, car les paires ayant les taux d’upload les plus élevés aident à diminuer le temps de complètement
des paires ayant les taux d’upload les plus faibles
C) le “clustering” est le phénomène pour lequel, dans un système hétérogène avec paires ayant différent délai
d’accès , l’algorithme de choix des paires (i.e., choking) favorise les échanges entre paires ayant des délai
d’accès différents ; par conséquent, le temps de complètement du fichier s’égalisent indifféremment du délai
d’accès, car les paires ayant le délai d’accès plus faibles aident à diminuer le temps de complètement des
paires ayant les délai d’accès les plus élevés
D) le “clustering” est le phénomène pour lequel, dans un système hétérogène avec paires ayant différent délai
d’accès, l’algorithme de choix des paires (i.e., choking) favorise les échanges entre paires ayant de délai
d’accès similaires ; par conséquent, le temps de complètement du fichier se stratifient en fonction du délai
d’accès, où les paires ayant les délai d’accès les plus faibles obtiennent les temps de complètement les plus
courts
Question 6.
Dans l’applicatif Skype, on observe des retransmission potentiellement non nécessaires du contenu voix :
A) en fin d’appel, lors de la terminaison de la connexion par signalisation au niveau applicatif
B) en début d’appel, lorsque les conditions du réseau sont inconnues
C) en début de connexion, lors de la mise en place de l’appel par signalisation au niveau applicatif
Question 7. Concernant le Post Office Protocol POP3 et les repertoires de stockage des messages :
A) POP n’impose pas une limite au nombre de repertoirs, (pourvu que la taille totale des messages n’excède
pas la taille totale disponible à l’usager)
B) POP est capable de gérer le meme nombre de repertoires qu’un serveur IMAP
C) POP limite generalement à 64 le nombre de sous-repertoire dans chaque repertoire (alors que ce limite ne
s’applique pas aux serveurs IMAP)
D) POP n’est pas capable de gérer des repertoires
2
280
D. Rossi – RES224
Question 8.
Dans l’applicatif Skype, comparez le volume du trafic de signalisation (e.g., gestion et maintenance du réseau
overlay, recherche et notification des contacts, etc.) contre le volume du trafic générés par les services (appel
voix, vidéo, chat, etc) :
A) les services sont généralement prédominants par rapport à la signalisation
B) la signalisation est généralement prédominante par rapport aux services
C) les deux volumes sont généralement comparables
Question 9. Considerez un système peer-2-peer (P2P) où la localisation des ressources est gérée par un
serveur centrale S : quand le peer A veut rapatrier une ressource R, qui est stoqué chez les peers B et C :
A) seulement les reponses concernant la localisation de R, mais pas les messages portant la ressource R,
transitent par S
B) aussi bien les requetes/reponses concernant la localisation de R que les messages portant la ressource R,
transitent par S
C) seulement les requetes/reponses concernant la localisation de R, mais pas les messages portant la ressource
R, transitent par S
D) seulement les requetes concernant la localisation de R, mais pas les messages portant la ressource R, transitent par S
Question 10.
Lequel parmi les suivants n’est pas un algorithme implémenté par BitTorrent ?
A) Optimistic Unchoking
B) Rarest First
C) Restrained Flooding
D) Anti-snubbing
E) Chocking
Question 11.
La diffusion de fichier par BitTorrent repose sur la parcellisation du fichier à transmettre (de taille F) en
pièces (de taille M). Par rapport à [1], comment la taille de ces pièces est elle choisie ? Quel est son valeur
typique ?
[1] P. Marciniak et al., “Small is not always beautiful,” USENIX IPTPS 2008, Tampa Bay, FL, 2008
A) la taille des pièces est spécifiée dans un document normatif BEP ; elle est généralement de 256 KBytes
B) la taille des pièces n’est pas specifiée par le protocole ; elle est généralement de 16 KBytes
C) la taille des pièces est spécifiée dans un document normatif IETF RFC ; elle est généralement de 256 KBytes
D) la taille des pièces détermine le nombre de pièces F/M dont le fichier .torrent doit reporter un checksum
pour en vérifier l’intégrité : la taille des pièces est choisie pour limiter la taille résultante du fichier .torrent ;
elle est généralement de 256 KBytes
Question 12. Considerons le mecanisme du “GET conditionnel” de l’application Web, qui permet de vérifier
si le contenu du cache d’un Proxy, et en particulier un objet adressé par une URL specifique, est à jour : laquelle
parmi les affirmations suivantes est vraie ?
A) ce mecanisme n’utilise pas une méthode HTTP dediée mais la méthode HTTP GET, en conjonction avec
une option specifiée par le Proxy dans les lignes suivant la première (i.e., dans les header lines) du message
de requête HTTP ; le serveur repond dans tous les cas à cette requête, mais sa reponse ne contient l’objet
en question que si ce dernier a changé
B) ce mecanisme n’utilise pas la méthode HTTP GET mais une méthode HTTP dediée, qui est donc specifiée
par le Proxy dans la première ligne (i.e., request line) du message de requête HTTP ; le serveur repond
dans tous les cas à cette requête, mais sa reponse ne contient l’objet en question que si ce dernier a changé
3
6.1 Enoncé du 25/11/2011
C) ce mecanisme n’utilise pas une méthode HTTP dediée mais la méthode HTTP GET, en conjonction avec
une option specifiée par le Proxy dans les lignes suivant la première (i.e., dans les header lines) du message
de requête HTTP ; le serveur repond uniquement si l’objet en question à changé, et le Proxy peut donc
implicitement en deduir si l’objet en question a changé
D) ce mecanisme n’utilise pas la méthode HTTP GET mais une méthode HTTP dediée, qui est donc specifiée
par le Proxy dans la première ligne (i.e., request line) du message de requête HTTP ; le serveur repond
uniquement si l’objet en question à changé, et le Proxy peut donc implicitement en deduir si l’objet en
question a changé
Question 13. Les messages DISCOVERY du protocole DHCP :
A) sont periodiquement envoyés par les serveurs DHCP, pour verifier si des nouveaux hotes ont besoin d’etre
parametrés, et contiennent la plage d’addresses courament disponible
B) sont periodiquement envoyés par les serveurs DHCP, pour verifier si des nouveaux hotes ont besoin d’etre
parametrés, mais ne contiennent pas la plage d’addresses courament disponible
C) sont envoyé par les clients DHCP qui n’ont pas encore un addresse IP pour decouvrir les serveurs DHCP
present dans le reseau, et peuvent contenir l’addresse preferentiel que le client souhaite recevoir
D) sont envoyé par les clients DHCP qui n’ont pas encore un addresse IP pour decouvrir les serveurs DHCP
present dans le reseau, mais ne contiennent pas d’addresse preferentiel que le client souhaite recevoir
Question 14. Le Start of Authority (SOA) :
A) est un champ obligatoire du database DNS qui demarque une zone et qui specifie des parametres temporels
(e.g., temps de caching, temps entre transfers de zone, etc.)
B) est un champ optionnel du database DNS qui specifie des parametres temporels (e.g., temps de caching,
temps entre transfers de zone, etc.) lorsque ceci sont different par les default du DNS
C) est un commande de l’application DNS qui permet le transfer de la base de donnée entre le serveur primaire
et serveur secondaire
D) est un commande de l’application DNS qui permet un echange de role entre le serveur primaire et serveur
secondaire
Question 15.
Quels sont les avantages et inconvenients du paradigme peer-2-peer par rapport au paradigme client-server
A) passage à l’échelle et robustesse, au detriment de complexité d’implementation
B) passage à l’échelle et simplicité d’implementation, au detriment de robustesse
C) simplicité d’implementation et robustesse, au detriment du passage à l’échelle
Question 16. Dans un système P2P BitTorrent, le fichier à partager (de taille F) est parcellisé en morceaux
(de taille M). L’article [1] illustre comment les performance de téléchargement dépendent de la taille M.
Spécialement, dans le cas de diffusion de très grand fichiers (F¿¿M), que se passe-t-il lorqsue on choisit de
morceaux de très petite taille ?
[1] P. Marciniak et al., “Small is not always beautiful,” USENIX IPTPS 2008, Tampa Bay, FL, 2008
A) les performance du système deviennent optimales, car plus la taille des morceaux est petite, plus la diffusion
est dynamique (réduisant les pièces rares) et rapide (car la probabilité de rester bloqués sur une pièce rare
se réduit).
B) la très petite taille des morceaux engendre un sur-coût de communication (e.g., augmentation du nombre
des messages de type “HAVE”, augmentation de la longueur des messages de type “Bitfield”) qui, à lui
tout seul, réduit l’efficacité de la diffusion (car la quantité de données à transférer augmente énormément)
C) lorsque la taille des morceaux devient trop petite, le temps de diffusion s’allonge d’un part en raison de la
diminution d’efficacité de chaque connexion TCP (e.g., car à chaque nouveau échange, ou après inactivités,
les paramètres de la connexion sont réinitialisés), d’autre part en raison de la diminution d’efficacité
du “pipelining” des requêtes sur l’ensemble des connexions TCP (car si les morceaux sont rapidement
téléchargés, on paye le prix lié au délai pour la diffusion des nouvelles requêtes).
4
282
D. Rossi – RES224
Question 17. Considerez un message DNS correspondant à une reponse pour une resolution de nom, qui
porte multiple reponses. Lequel parmi les noms de domaine suivants, reporté en hexadecimal, ne peut pas etre
reperé dans un message applicatif DNS valable ?
A) 03 77 77 77 06 67 6F 6F 67 6C 65 02 66 72
B) 03 77 77 77 11 74 65 6C 65 63 6F 6D 2D 70 61 72 69 73 74 65 63 68 02 66 72 00
C) 03 6E 73 33 c0 10
D) c0 10
Question 18. Le protocole HTTP :
A) est un protocole qui ne gere que l’état representé par les cookies
B) est un protocole qui ne gere que l’état nécessaire pour l’authentication des usager
C) est un protocole sans état
D) est un protocole à état
Question 19.
Les serveurs YouTube implémentent un algorithme de contrôle de flux au niveau applicatif qui est défini
“block sending” en [1]. En indiquant avec RT T le délai d’allée-retour entre le server YouTube et le PC usager
(en secondes), avec R le débit d’encodage de la vidéo (en bits par seconde) et avec P la taille des segments (en
octets), comment cet algorithme se déroule ?
[1] S. Alckok, R. Nelson, Application flow control in YouTube video streams, ACM SIGCOMM CCR Vol.
41, No. 2, April 2011
A) plusieurs fois par RT T l’application génère un bloc de RT /(8P ) messages qui sont passés à TCP pour la
segmentation et l’envoi ; la durée de transmission d’un bloc (i.e., temps entre le premier et le RT /(8P )-ème
paquets) est très bref (et en générale << RT T ), et comme T << RT T , plusieurs blocs sont donc envoyés
chaque RT T .
B) chaque T > RT T , un bloc d’octets de longueur RT est passés de l’application à TCP, qui les envoye
comme rafale de RT /(8P ) paquets ; la durée de transmission d’un bloc (i.e., temps entre le premier et le
RT /(8P )-ème paquets) est très bref (et en générale << RT T ).
C) chaque T > RT T , un bloc d’octets de longueur RT est passé de l’application à TCP, qui les découpe en
RT /(8P ) paquets ; TCP envoie ces paquets espacés dans le temps (i.e. la laps de temps entre deux paquets
d’un même bloc est donc environ 8P RT T /(RT )) ; la durée de transmission d’un bloc est donc environ un
RT T .
Question 20.
Quel est le rôle de l’entité “tracker” en BitTorrent ?
A) le tracker assiste les Peers lorsqu’il entrent dans le système, en leur envoyant une liste de Peers à contacter
B) le tracker assiste les Peers lorsqu’il entrent dans le système, en leur envoyant la liste des Chunks dans lequel
le fichier à été parcellisé
C) le tracker assiste les Peers lorsqu’il entrent dans le système, en leur envoyant aléatoirement quelques Chunks
dans lequel le fichier à été parcellisé
Question 21. Dans le paradigme client-server,
A) le client est l’host qui prend l’initiative de contacter le server
B) le server est l’host qui initie la communication (i.e., celui qui effectue une “open active” de la connexion)
C) un host peut etre soit client soit server, mais pas les deux à la fois
Question 22. YouTube est un service de vision de contenu multimédia (e.g., vidéos encodé avec un débit
moyen R) qui implémente un algorithme de contrôle de flux au niveau applicatif [1]. Cet algorithme se superpose
aux contrôles de flux et congestion élastique implémentés par TCP : de combien de phases se compose cet
algorithme, et quel est l’intérêt de chaque phase ?
[1] S. Alckok, R. Nelson, Application flow control in YouTube video streams, ACM SIGCOMM CCR Vol.
41, No. 2, April 2011
5
6.1 Enoncé du 25/11/2011
A) L’algorithme se compose de deux phases : dans la première l’application donne à TCP les données à une
vitesse R′ >> R, dans la deuxième la vitesse baisse à environ R. La première phase essaye de réduire
le délai initiale en remplissant aussi vite que possible (i.e., à la vitesse de TCP) le tampon de vision de
l’usager. La deuxième phase essaye de n’envoyer pas plus que nécessaire (i.e., la vitesse du taux d’encodage
de la vidéo) à l’usager, car ce dernier pourrait interrompre la vision de la vidéo à tout moment.
B) L’algorithme se compose de deux phases : dans la première l’application donne à TCP les données à une
vitesse R′ >> R, dans la deuxième la vitesse baisse à environ R. La première phase essaye de réduire le
délai initiale en remplissant aussi vite que possible (i.e., beaucoup plus rapidement que TCP ne le ferait,
donc R′ >> RT CP > R) le tampon de vision de l’usager. La deuxième phase essaye de n’envoyer pas
plus que nécessaire (i.e., la vitesse du taux d’encodage de la vidéo) à l’usager, car ce dernier pourrait
interrompre la vision de la vidéo à tout moment.
C) L’algorithme se compose d’une seule phase, qui limite le taux d’envoi des donnés à la vitesse R. Son but
est de n’envoyer pas plus que nécessaire (i.e., la vitesse du taux d’encodage de la vidéo) à l’usager, car ce
dernier pourrait interrompre la vision de la video à tout moment
Question 23. Le téléchargement des vidéos sur YouTube se fait de façon différente lorsque l’usager accède
au portail depuis un PC par rapport aux accès via un terminal mobile (e.g., tel qu’un smartphone). De façon
générale, [1] explique que :
[1] A. Finamore et al. “YouTube everywhere : Impact of Device and Infrastructure Synergies on User Experience”, In ACM IMC’11, Nov 2011
A) dans le cas d’accès via PC, la vidéo est parcellisée en plusieurs “chunks”, qui sont demandés via des requêtes
HTTP GET (qui spécifient les octets à télécharger en exploitant l’entête “Range” du protocole HTTP)
et qui sont ensuite telechargés en exploitant la même connexion TCP
B) dans le cas d’accès via PC, la vidéo est parcellisée en plusieurs “chunks”, qui sont téléchargés en exploitant
plusieurs connexions TCP en parallèle ouvertes vers différents serveurs
C) dans le cas d’accès via PC, le transfert a lieu en plusieurs phases, dont notamment une phase de redirection
(qui engendre potentiellement une chaı̂ne de redirections HTTP vers différent serveurs de contenu) avant
le démarrage du transfert de la video
Question 24. Laquelle parmi les affirmations suivantes concernant les zones et domaines DNS est fausse ?
A) un domaine est un sous-arbre de l’espace de nommage
B) zone et domaine sont synonymes, car il n’y a pas de difference sémantique entre les deux termes
C) un sous-domaine est entierement contenu dans un domaine
D) une zone est un lieu administratif
Question 25. Le decouplage de l’architecture de messagerie en serveurs SMTP et POP/IMAP :
A) evite la necessité de synchronization entre emetteur (qui utilise SMTP pour envoyer le message) et recepteur
(qui utilise POP/IMAP)
B) est en réalité fictive, car ces different services (SMTP, POP, IMAP) sont typiquement offert pas le meme
serveur
C) est lié au mechanisme dit de “backward compatibility”, c’est à dire de compatibilité des nouveaux systèmes
(SMTP) avec les systèmes existant (POP/IMAP)
D) est consequence de l’évolution du service de messagerie, et notamment de la possibilité d’envoyer different
‘ ‘attachments” (i.e., pièce-jointes) avec le corps textuel du message
Question 26. Laquelle parmi les affirmation suivantes est fausse ?
A) Le développeur a un contrôle total de la partie application des sockets, mais il n’a que peu de contrôle sur
la partie transport
B) La socket est parfois implementée en hardware pour des raisons de performance
C) La socket est l’interface entre la couche application et la couche transport d’un hôte
D) La socket est la porte d’entrée/sortie des données du réseau vers un processus applicatif executé sur un hôte
6
284
D. Rossi – RES224
Question 27. Concernant le Post Office Protocol POP3 et les repertoires de stockage des messages :
A) POP n’impose pas une limite au nombre de repertoirs, (pourvu que la taille totale des messages n’excède
pas la taille totale disponible à l’usager)
B) POP limite generalement à 64 le nombre de sous-repertoire dans chaque repertoire (alors que ce limite ne
s’applique pas aux serveurs IMAP)
C) POP n’est pas capable de gérer des repertoires
D) POP est capable de gérer le meme nombre de repertoires qu’un serveur IMAP
Question 28. Le téléchargement des vidéos de YouTube peut engendrer la transmission de données nonutiles, par exemple (i) lorsque la vision des vidéos est interrompue par les usagers, ou (ii) lorsque les mêmes
données sont téléchargés plusieurs fois (e.g., un total de X bytes telechargés pour une vidéo de longueur Y < X).
Vis-Ã -vis de ces deux possibilités, les auteurs de [1] font remarquer que :
[1] A. Finamore et al. “YouTube everywhere : Impact of Device and Infrastructure Synergies on User Experience”, In ACM IMC’11, Nov 2011
A) (i) les usagers interrompent souvent la vision des vidéos (plus que la moitié des vidéos est regardée pendant
moins que 1/5eme de sa longueur)
(ii) on ne rencontre jamais un excès de données transférées (i.e., soit X = Y , soit X < Y lorsque la vidéo
est interrompue)
B) (i) les usagers interrompent exceptionnellement la vision des vidéos (seul 1/10eme des vidéos sont regardés
au plus la moitié de leur longueurs)
(ii) on ne rencontre jamais un excès de données transférées (i.e., soit X = Y , soit X < Y dans les rares
cas où la vidéo est interrompue)
C) (i) les usagers interrompent souvent la vision des vidéos (plus que la moitié des vidéos est régardée pendant
moins que 1/5eme de sa longueur)
(ii) dans le cas de YouTube sur mobile, il est possible que les données soient téléchargées plusieurs fois
suite à une mauvaise interaction entre TCP et les requêtes au niveau application (ce qui se produit au
plus dans un tiers des cas, avec parfois X > 4Y ).
7
6.1 Enoncé du 25/11/2011
Prénom
Nom
ASCII Code Table
0
1
2
3
4
5
6
7
8
9
A
B
C
D
E
F
0
NUL
SOH
STX
ETX
EOT
ENQ
ACK
BEL
BS
HT
LF
VT
FF
CR
SO
SI
1
DLE
DC1
DC2
DC3
DC4
NAK
SYN
ETB
CAN
EM
SUB
ESC
FS
GS
RS
US
2
space
!
”
#
$
%
&
’
(
)
*
+
,
.
/
3
0
1
2
3
4
5
6
7
8
9
:
;
<
=
>
?
4
@
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
5
P
Q
R
S
T
U
V
W
X
Y
Z
[
\
]
^
6
‘
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
7
p
q
r
s
t
u
v
w
x
y
z
{
|
}
∼
del
Example : le charactere ASCII ”A” correspond à ”41” en notation hexadecimale
8