Your SlideShare is downloading. ×
WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)

975

Published on

WebSockets couples the performance and flexibility of TCP with the reach of HTTP Prediction: WebSockets will replace simple TCP as preferred underlying protocol. …

WebSockets couples the performance and flexibility of TCP with the reach of HTTP Prediction: WebSockets will replace simple TCP as preferred underlying protocol.
To see how Websockets are used in a popular HTML5-based remote access solution, by visiting the following URL: http://j.mp/1luquBQ

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
975
On Slideshare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
17
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • First released as part of Windows NT 4.0
  • RD Gateway now also tries UDP and falls back to HTTPS
  • Origin can only be trusted with web clients (how do you know if it’s a web client?)
  • Header size: 2 - 14 bytes

    Length: 0-125 (7 bit)
    126 + 16 bit
    127 + 64 bit

    For security reasons a client MUST mask all frames that it sends to the server. The server MUST close the connection upon receiving a frame that is not masked.
    A server MUST NOT mask any frames that it sends to the client. A client MUST close a connection if it detects a masked frame.

    Masking is required to avoid proxy cache poisoning
  • Source: Microsoft
    Comparison of the unnecessary network throughput overhead between the polling and the WebSocket applications
  • Additional events: onclose and onerror
  • SSL encrypted WebSockets have better chance of making it through
  • The client initiates the negotiation by advertising the permessage-deflate extension in the Sec-Websocket-Extensions header. In turn, the server must confirm the advertised extension by echoing it in its response.
    Both client and server can selectively compress individual frames: if the frame is compressed, the RSV1 bit in the WebSocket frame header is set
  • Or is very slow
  • WebRTC data-channels utilize SCTP - Stream Control Transmission Protocol
    https://en.wikipedia.org/wiki/Stream_Control_Transmission_Protocol
  • Transcript

    • 1. WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)
    • 2. Dan Shappir CTO at Ericom Software @DanShappir blog: ericomguy.blogspot.com Six-time BriForum speaker
    • 3. Remember DCOM? ● Microsoft Distributed COM, circa 1996 ● General purpose communication layer for client / server ● UDP-based, using ports 1024-5000 ● COM succeeded; DCOM failed Can you guess why?
    • 4. Network Security Realities ● Firewalls/proxies dislike UDP ● Firewalls/proxies often dislike TCP ● Firewalls/proxies like HTTP (80) and HTTPS (443) o But dislike most any other port Stateful Inspection means that just tunneling through ports 80 and 443 isn’t enough
    • 5. Make Apps Look Like Websites Use HTTP / HTTPS as an applicative transport Example: RD Gateway (tunnels RDP through HTTPS) ● Web Services ● XML and SOAP ● RESTful APIs ● JSON ● AJAX
    • 6. HTTP Was Designed For Docs Not Apps ● Built on TCP Sockets but ... ● Request / Response architecture o Only client can send Requests o Server can only Respond to Requests o Can’t send another Request before Response ● Header on every Request / Response o Up to 8KB each
    • 7. Various Workarounds COMET ● Persistent connections (HTTP 1.1) ● Polling ● Long Polling ● Chunked Response ● Multiple channels ● Pipelining ● Two-way HTTP
    • 8. Problems With Workarounds ● Hacks: error prone ● Complicated ● Compatibility issues ● Headers overhead o Especially if contains cookies
    • 9. Need a Better Solution Flexibility of Sockets + reach of Web (HTTP)
    • 10. WebSockets - Sockets for the Web ● Part of HTML5: W3C API and IETF Protocol ● Full-duplex, bidirectional communication ● Unsecured (TCP) and secured (SSL) modes ● Traverses firewalls, proxies and routers ● Text (UTF-8) and binary data ● Ping/Pong messages for keep-alive ● Share ports 80 and 443 with HTTP/HTTPS
    • 11. WebSocket Connection Process 1. Client opens new TCP connection to Server 2. Optional SSL (TLS) handshake 3. Client sends HTTP GET Request 4. Server sends HTTP Response 5. Magic: Client & Server communicate using WebSocket packets
    • 12. WebSocket Request GET /blaze HTTP/1.1 Host: an.ericom.com Connection: Upgrade Upgrade: websocket Sec-WebSocket-Key: oY+dTudispTU+nqsq5XXVw== Sec-WebSocket-Version: 13 Sec-WebSocket-Protocol: ericom|accessnow.3 Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits, x-webkit-deflate-frame User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36 Origin: http://127.0.0.1
    • 13. WebSocket Request GET /blaze HTTP/1.1 Host: an.ericom.com Connection: Upgrade Upgrade: websocket Sec-WebSocket-Key: oY+dTudispTU+nqsq5XXVw== Sec-WebSocket-Version: 13 Sec-WebSocket-Protocol: ericom|accessnow.3 Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits, x-webkit-deflate-frame User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36 Origin: http://127.0.0.1
    • 14. WebSocket Request GET /blaze HTTP/1.1 Host: an.ericom.com Connection: Upgrade Upgrade: websocket Sec-WebSocket-Key: oY+dTudispTU+nqsq5XXVw== Sec-WebSocket-Version: 13 Sec-WebSocket-Protocol: ericom|accessnow.3 Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits, x-webkit-deflate-frame User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36 Origin: http://127.0.0.1
    • 15. WebSocket Request GET /blaze HTTP/1.1 Host: an.ericom.com Connection: Upgrade Upgrade: websocket Sec-WebSocket-Key: oY+dTudispTU+nqsq5XXVw== Sec-WebSocket-Version: 13 Sec-WebSocket-Protocol: ericom|accessnow.3 Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits, x-webkit-deflate-frame User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36 Origin: http://127.0.0.1
    • 16. WebSocket Response HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept:kgTM0bjagqwcNTJaj/VZZZZCJ5Q= Sec-WebSocket-Protocol:ericom|accessnow.3
    • 17. WebSocket Response HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept:kgTM0bjagqwcNTJaj/VZZZZCJ5Q= Sec-WebSocket-Protocol:ericom|accessnow.3
    • 18. WebSocket Response HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept:kgTM0bjagqwcNTJaj/VZZZZCJ5Q= Sec-WebSocket-Protocol:ericom|accessnow.3
    • 19. WebSocket Response HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: kgTM0bjagqwcNTJaj/VZZZZCJ5Q= Sec-WebSocket-Protocol: ericom|accessnow.3
    • 20. Packet Oriented Protocol ● After handshake, protocol is sequence of packets ● Packets comprised of header + payload ● Several packet types ● Peers receive full data packets payload o Not partial packets / bytes o Not control packets
    • 21. WebSocket Packet Minimally framed: small header + payload 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 F I N R S V 1 R S V 2 R S V 3 opcode(4) M A S K payload len(7) extended payload len(16/64) extended payload len continued(16/64) masking key(0/32) masking key continued payload ...
    • 22. Packet Opcodes (Types) 0 - continuation frame 1 - text frame (UTF-8) 2 - binary frame 3-7 - reserved (data) 8 - connection close 9 - ping 10 - pong 11-15 - reserved (control)
    • 23. WebSockets vs HTTP Bandwidth
    • 24. Simple JavaScript Example var ws = new WebSocket("ws://..."); ws.onopen = function () { ws.send("hello"); }; ws.onmessage = function (event) { console.log(event.data); };
    • 25. Growing Support ● Browsers o Everybody! ● Webservers o Most everybody! ● Firewalls o Often just works ● SSL VPN o Juniper, Cisco, CheckPoint, …
    • 26. Benefits of SSL VPNs over VPNs For Web protocols: HTTP and WebSockets ● No client-side installation ● No client-side configuration ● Any client device
    • 27. WebSockets For Native Apps ● .NET (4.5) WCF support ● Java EE (JSR-356) ● C/C++ - several Open Source implementations ● PHP - Rachet ● Node.js - multiple libraries
    • 28. WebSockets Extensions Utilizing Sec-WebSocket-Extensions in Request/Response Headers: 1. Compression (deflate) 2. Multiplexing
    • 29. What If It Doesn’t Connect? ● Use standard ports: 80, 443 o Or standard alternate ports: 8080, 8443, 8008 ● Use SSL, with proper certificates ● Upgrade SSL VPN, Firewall, … ● Disable anti-virus o Or exception, or disable packet inspection ● Fallback to HTTP / HTTPS
    • 30. Future Protocol For Everything? No, primarily when UDP is required ● Streaming Video or Video Conferencing ● Remote access over bad connections (“Framehawk” scenario)
    • 31. The Future, Future Protocol ● For UDP: WebRTC with data-channels o Use WebSockets as fallback ● For TCP: WebSockets o Use HTTP / HTTPS as fallback ● HTTP / HTTPS for RESTful APIs
    • 32. Summary WebSockets couple the performance and flexibility of TCP with the reach of HTTP Prediction: WebSockets will replace simple TCP as preferred underlying protocol Existing protocols wrapped in WebSockets

    ×