WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)
Dan Shappir
CTO at Ericom Software
@DanShappir
blog: ericomguy.blogspot.com
Six-time BriForum speaker
WebSockets couple the performance and flexibility of TCP with the reach of HTTP. Prediction: WebSockets will replace simple TCP as the preferred underlying protocol.
To see how WebSockets are used in a popular HTML5-based remote access solution, visit the following URL: http://j.mp/1luquBQ

  • First released as part of Windows NT 4.0
  • RD Gateway now also tries UDP and falls back to HTTPS
  • Origin can only be trusted with web clients (how do you know if it’s a web client?)
  • Header size: 2 - 14 bytes

    Length: 0-125 (7 bit)
    126: followed by a 16-bit length
    127: followed by a 64-bit length

    For security reasons a client MUST mask all frames that it sends to the server. The server MUST close the connection upon receiving a frame that is not masked.
    A server MUST NOT mask any frames that it sends to the client. A client MUST close a connection if it detects a masked frame.

    Masking is required to avoid proxy cache poisoning
  • Source: Microsoft
    Comparison of the unnecessary network throughput overhead between the polling and the WebSocket applications
  • Additional events: onclose and onerror
  • SSL encrypted WebSockets have better chance of making it through
  • The client initiates the negotiation by advertising the permessage-deflate extension in the Sec-WebSocket-Extensions header. In turn, the server must confirm the advertised extension by echoing it in its response.
    Both client and server can selectively compress individual frames: if the frame is compressed, the RSV1 bit in the WebSocket frame header is set.
  • Or is very slow
  • WebRTC data-channels utilize SCTP - Stream Control Transmission Protocol
    https://en.wikipedia.org/wiki/Stream_Control_Transmission_Protocol
  • WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)

    1. WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)
    2. Dan Shappir
       CTO at Ericom Software
       @DanShappir
       blog: ericomguy.blogspot.com
       Six-time BriForum speaker
    3. Remember DCOM?
       ● Microsoft Distributed COM, circa 1996
       ● General purpose communication layer for client / server
       ● UDP-based, using ports 1024-5000
       ● COM succeeded; DCOM failed
       Can you guess why?
    4. Network Security Realities
       ● Firewalls/proxies dislike UDP
       ● Firewalls/proxies often dislike TCP
       ● Firewalls/proxies like HTTP (80) and HTTPS (443)
         o But dislike most any other port
       Stateful Inspection means that just tunneling through ports 80 and 443 isn’t enough
    5. Make Apps Look Like Websites
       Use HTTP / HTTPS as an applicative transport
       Example: RD Gateway (tunnels RDP through HTTPS)
       ● Web Services
       ● XML and SOAP
       ● RESTful APIs
       ● JSON
       ● AJAX
    6. HTTP Was Designed For Docs Not Apps
       ● Built on TCP Sockets but ...
       ● Request / Response architecture
         o Only client can send Requests
         o Server can only Respond to Requests
         o Can’t send another Request before Response
       ● Header on every Request / Response
         o Up to 8KB each
    7. Various Workarounds
       COMET
       ● Persistent connections (HTTP 1.1)
       ● Polling
       ● Long Polling
       ● Chunked Response
       ● Multiple channels
       ● Pipelining
       ● Two-way HTTP
    8. Problems With Workarounds
       ● Hacks: error prone
       ● Complicated
       ● Compatibility issues
       ● Headers overhead
         o Especially if contains cookies
    9. Need a Better Solution
       Flexibility of Sockets + reach of Web (HTTP)
    10. WebSockets - Sockets for the Web
        ● Part of HTML5: W3C API and IETF Protocol
        ● Full-duplex, bidirectional communication
        ● Unsecured (TCP) and secured (SSL) modes
        ● Traverses firewalls, proxies and routers
        ● Text (UTF-8) and binary data
        ● Ping/Pong messages for keep-alive
        ● Share ports 80 and 443 with HTTP/HTTPS
    11. WebSocket Connection Process
        1. Client opens new TCP connection to Server
        2. Optional SSL (TLS) handshake
        3. Client sends HTTP GET Request
        4. Server sends HTTP Response
        5. Magic: Client & Server communicate using WebSocket packets
    12. WebSocket Request
        GET /blaze HTTP/1.1
        Host: an.ericom.com
        Connection: Upgrade
        Upgrade: websocket
        Sec-WebSocket-Key: oY+dTudispTU+nqsq5XXVw==
        Sec-WebSocket-Version: 13
        Sec-WebSocket-Protocol: ericom|accessnow.3
        Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits, x-webkit-deflate-frame
        User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36
        Origin: http://127.0.0.1
    16. WebSocket Response
        HTTP/1.1 101 Switching Protocols
        Connection: Upgrade
        Upgrade: websocket
        Sec-WebSocket-Accept: kgTM0bjagqwcNTJaj/VZZZZCJ5Q=
        Sec-WebSocket-Protocol: ericom|accessnow.3
    20. Packet Oriented Protocol
        ● After handshake, protocol is sequence of packets
        ● Packets comprised of header + payload
        ● Several packet types
        ● Peers receive full data packets payload
          o Not partial packets / bytes
          o Not control packets
    21. WebSocket Packet
        Minimally framed: small header + payload
         0                   1                   2                   3
         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
        +-+-+-+-+-------+-+-------------+-------------------------------+
        |F|R|R|R| opcode|M| payload len |     extended payload len      |
        |I|S|S|S|  (4)  |A|     (7)     |            (16/64)            |
        |N|V|V|V|       |S|             |                               |
        | |1|2|3|       |K|             |                               |
        +-+-+-+-+-------+-+-------------+-------------------------------+
        |            extended payload len continued (16/64)             |
        +-------------------------------+-------------------------------+
        |                               |      masking key (0/32)       |
        +-------------------------------+-------------------------------+
        |     masking key continued     |          payload ...          |
        +-------------------------------+-------------------------------+
    22. Packet Opcodes (Types)
        0 - continuation frame
        1 - text frame (UTF-8)
        2 - binary frame
        3-7 - reserved (data)
        8 - connection close
        9 - ping
        10 - pong
        11-15 - reserved (control)
    23. WebSockets vs HTTP Bandwidth
    24. Simple JavaScript Example
        var ws = new WebSocket("ws://...");
        ws.onopen = function () {
          ws.send("hello");
        };
        ws.onmessage = function (event) {
          console.log(event.data);
        };
    25. Growing Support
        ● Browsers
          o Everybody!
        ● Webservers
          o Most everybody!
        ● Firewalls
          o Often just works
        ● SSL VPN
          o Juniper, Cisco, CheckPoint, …
    26. Benefits of SSL VPNs over VPNs
        For Web protocols: HTTP and WebSockets
        ● No client-side installation
        ● No client-side configuration
        ● Any client device
    27. WebSockets For Native Apps
        ● .NET (4.5) WCF support
        ● Java EE (JSR-356)
        ● C/C++ - several Open Source implementations
        ● PHP - Ratchet
        ● Node.js - multiple libraries
    28. WebSockets Extensions
        Utilizing Sec-WebSocket-Extensions in Request/Response Headers:
        1. Compression (deflate)
        2. Multiplexing
    29. What If It Doesn’t Connect?
        ● Use standard ports: 80, 443
          o Or standard alternate ports: 8080, 8443, 8008
        ● Use SSL, with proper certificates
        ● Upgrade SSL VPN, Firewall, …
        ● Disable anti-virus
          o Or exception, or disable packet inspection
        ● Fallback to HTTP / HTTPS
    30. Future Protocol For Everything?
        No, primarily when UDP is required
        ● Streaming Video or Video Conferencing
        ● Remote access over bad connections (“Framehawk” scenario)
    31. The Future, Future Protocol
        ● For UDP: WebRTC with data-channels
          o Use WebSockets as fallback
        ● For TCP: WebSockets
          o Use HTTP / HTTPS as fallback
        ● HTTP / HTTPS for RESTful APIs
    32. Summary
        WebSockets couple the performance and flexibility of TCP with the reach of HTTP
        Prediction: WebSockets will replace simple TCP as preferred underlying protocol
        Existing protocols wrapped in WebSockets
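
The frame layout on slide 21 and the masking rule quoted in the slide notes, as an added example that is not part of the original deck: a server-side frame parser for Node.js that handles the three length encodings (header size 2 to 14 bytes) and rejects unmasked client frames. The name parseClientFrame and the sample byte strings are constructed for illustration.

```javascript
// Added example, not from the original deck. parseClientFrame and the
// sample frames below are constructed for illustration.

// Parse one WebSocket frame that a server received from a client.
// Returns null when more bytes are needed; throws when the frame must be
// rejected and the connection closed.
function parseClientFrame(buf) {
  if (buf.length < 2) return null;
  const fin = (buf[0] & 0x80) !== 0;
  const rsv1 = (buf[0] & 0x40) !== 0;   // set on permessage-deflate compressed frames
  const opcode = buf[0] & 0x0f;
  const masked = (buf[1] & 0x80) !== 0;
  let len = buf[1] & 0x7f;              // 0-125, or the 126 / 127 escape values
  let off = 2;

  // A client MUST mask every frame; the server closes the connection otherwise.
  if (!masked) throw new Error('unmasked client frame: close connection');
  // Control frames (opcodes 8-15) carry at most 125 bytes and are never fragmented.
  if (opcode >= 8 && (len > 125 || !fin)) throw new Error('invalid control frame');

  if (len === 126) {                    // 126: 16-bit length follows
    if (buf.length < off + 2) return null;
    len = buf.readUInt16BE(off);
    off += 2;
  } else if (len === 127) {             // 127: 64-bit length follows
    if (buf.length < off + 8) return null;
    const big = buf.readBigUInt64BE(off);
    off += 8;
    if (big > BigInt(Number.MAX_SAFE_INTEGER)) throw new Error('length too large');
    len = Number(big);
  }
  if (buf.length < off + 4 + len) return null;
  const key = buf.subarray(off, off + 4);   // 32-bit masking key
  off += 4;
  const payload = Buffer.alloc(len);
  for (let i = 0; i < len; i++) payload[i] = buf[off + i] ^ key[i % 4];
  return { fin, rsv1, opcode, headerLength: off, payload };
}

// Constructed sample: masked text frame carrying "hello", key 37 fa 21 3d.
const sampleFrame = Buffer.from('818537fa213d5f9f4d5158', 'hex');
// Constructed sample: the same text with the MASK bit clear and no key.
const unmaskedFrame = Buffer.from('810568656c6c6f', 'hex');
```

A production server would also cap the accepted payload length and reassemble continuation frames before handing data to the application.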
