Type “google.com” into the browser and hit enter

What happens next?1 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

How the Internet worksGraeme Mathieson

Email me: mathie@woss.nameTweet me: @mathie

2 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

google.com ⏎3 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

Is it a URL?· Yep. OK, cool, my work here is done.

· Kinda. Well, let’s turn it into a well formed URL.· Nope. OK, I’m gonna assume you meant to search for something. Let’s turn it into a well

formed URL for a web search.

4 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

HTTP Strict Transport Security

Does this site prefer HTTPS?· Strict-Transport-Security header from

a previous request?· In the browser’s list of HSTS preloads?

5 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

HTTP Strict Transport Security

Does this site prefer HTTPS?· Yep OK, set the URL scheme to https.

· Nope Fine then. If you don’t care for security…

6 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

https://google.com/7 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

Browser cacheIs the URL in the browser cache?

· Yep Let’s check it’s still valid.· Nope Well, we’re going to have to fetch it.

8 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

Browser cacheIs the cached content still valid?

ExpiresCache-Control: max-age

· Yep Awesome. We might skip a network request!· Nope OK, let’s check in with the server.

9 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

Browser cacheShould the cached content be revalidated?Cache-Control: must-revalidate

· Yep OK, let’s check in with the server.· Nope Awesome. Skip to rendering!

10 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

Parse the URL· Scheme: “https”

· Authority: “google.com”· Path: “/“

11 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

DNS Lookup: Browser cacheIs the hostname in the browser’s cache?· Yep Awesome, let’s use that IP address.

· Nope OK, we’re going to have to do this the hard way.

12 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

DNS Lookup: OS resolver

Is the hostname in the operating system’s cache?· Yep Job done. We’ll use that IP address.

· Nope OK, we’re really going to have to look it up.

13 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

Name Service Switch· Check /etc/hosts

· Try multicast DNS· Perform a DNS lookup

14 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

DNS LookupGet the IP address of a name server

· From DHCP· Statically configured

15 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

DNS Record Types· A and AAAA are address records: mappings from

name to IP address.· PTR is a reverse mapping from IP address to

name· NS is a pointer to a name server.

· Other record types: SOA, CNAME, MX, TXT.

16 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

Send the DNS requestNew is Apple iOS 9 & El Capitan

· Send out an AAAA request; and· Send out an A request, in parallel.

17 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

Recursive DNS requestIs the record in the name server’s cache?

· Yep Is it still valid? (TTL) If so, return the record. Job done.

· Nope OK, we’ll need to look it up.

18 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

Upstream DNS serverIs our local DNS server configured to have one or

more upstream servers?· Yep OK, let’s pass the request off to an upstream

and let it figure out the answer.· Nope Damn. We’re going to have to do the hard

work ourselves.

19 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

Root DNS Servers· 13 well-known IP addresses of root servers.

· Really, they’re hundreds of machines distributed globally.

· Authoritative for the root zone.

20 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

DNS AuthorityRoot servers are authoritative for the root zone.Know the canonical answer for who serves each

TLD: “.com”, “.net”, “.uk”, etc.

21 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

What’s the A record for “google.com”?

22 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

Root serversWhat’s the A record for “google.com”?

· No idea, but here’s the list of name servers for “.com”.

· Oh, and have the IP addresses of those name servers, too.

23 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

Authoritative servers for “.com”What’s the A record for “google.com”?

· No idea, but here’s a list of name servers for “google.com”.

· Oh, and have the IP addresses of those name servers, too.

24 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

Authoritative servers for “google.com”What’s the A record for “google.com”?

· Hey, I know this! Here’s a list of IP addresses!

25 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

Figuring out the TCP portWhat TCP port should we connect to?

· Figure out from the URL scheme· Ask the operating system: getservbyname()

· Name Service Switch· grep '^https.*tcp' /etc/services

26 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

Making a TCP connectionWe know the IP address and port. Now we can

connect!

27 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

TCP: Three way handshakeOpen connection, and agree initial sequence

numbers.· -> SYN

· <- SYN+ACK· -> ACK

28 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

Transmission Control Protocol (TCP)· Ordered data transfer· Reliable data transfer

· Flow control· Congestion control

29 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

Transport Layer SecurityCreate a secure connection between the client

and server.· Authentication of the server (and, optionally,

the client).· Negotiate a session key.

· Encrypt data between client and server.30 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

HTTP: GET

GET / HTTP/1.1Host: google.com

31 — © 2015 Graeme Mathieson. CC BY-SA 4.0.

FINFIN -> ACK -> FIN -> ACK

TCP/IP Illustrated by W. Richard Stevens<https://woss.name/>

32 — © 2015 Graeme Mathieson. CC BY-SA 4.0.