WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)
Download as PPTX, PDF1 like3,838 views
The document discusses the evolution and benefits of WebSockets as a transport protocol, highlighting their ability to facilitate full-duplex, bidirectional communication over the web while overcoming limitations of traditional HTTP. It emphasizes WebSockets' compatibility with firewalls and their potential to replace simpler TCP connections, especially in applications that require real-time data exchange. Furthermore, the author predicts that WebSockets will become the preferred protocol for many applications, complementing existing technologies like HTTP/HTTPS and offering extensions for enhanced functionality.
WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)
- 1. WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)
- 2. Dan Shappir CTO at Ericom Software @DanShappir blog: ericomguy.blogspot.com Six-time BriForum speaker
- 3. Remember DCOM? ● Microsoft Distributed COM, circa 1996 ● General purpose communication layer for client / server ● UDP-based, using ports 1024-5000 ● COM succeeded; DCOM failed Can you guess why?
- 4. Network Security Realities ● Firewalls/proxies dislike UDP ● Firewalls/proxies often dislike TCP ● Firewalls/proxies like HTTP (80) and HTTPS (443) o But dislike most any other port Stateful Inspection means that just tunneling through ports 80 and 443 isn’t enough
- 5. Make Apps Look Like Websites Use HTTP / HTTPS as an applicative transport Example: RD Gateway (tunnels RDP through HTTPS) ● Web Services ● XML and SOAP ● RESTful APIs ● JSON ● AJAX
- 6. HTTP Was Designed For Docs Not Apps ● Built on TCP Sockets but ... ● Request / Response architecture o Only client can send Requests o Server can only Respond to Requests o Can’t send another Request before Response ● Header on every Request / Response o Up to 8KB each
- 7. Various Workarounds COMET ● Persistent connections (HTTP 1.1) ● Polling ● Long Polling ● Chunked Response ● Multiple channels ● Pipelining ● Two-way HTTP
- 8. Problems With Workarounds ● Hacks: error prone ● Complicated ● Compatibility issues ● Headers overhead o Especially if contains cookies
- 9. Need a Better Solution Flexibility of Sockets + reach of Web (HTTP)
- 10. WebSockets - Sockets for the Web ● Part of HTML5: W3C API and IETF Protocol ● Full-duplex, bidirectional communication ● Unsecured (TCP) and secured (SSL) modes ● Traverses firewalls, proxies and routers ● Text (UTF-8) and binary data ● Ping/Pong messages for keep-alive ● Share ports 80 and 443 with HTTP/HTTPS
- 11. WebSocket Connection Process 1. Client opens new TCP connection to Server 2. Optional SSL (TLS) handshake 3. Client sends HTTP GET Request 4. Server sends HTTP Response 5. Magic: Client & Server communicate using WebSocket packets
- 12. WebSocket Request GET /blaze HTTP/1.1 Host: an.ericom.com Connection: Upgrade Upgrade: websocket Sec-WebSocket-Key: oY+dTudispTU+nqsq5XXVw== Sec-WebSocket-Version: 13 Sec-WebSocket-Protocol: ericom|accessnow.3 Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits, x-webkit-deflate-frame User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36 Origin: http://127.0.0.1
- 13. WebSocket Request GET /blaze HTTP/1.1 Host: an.ericom.com Connection: Upgrade Upgrade: websocket Sec-WebSocket-Key: oY+dTudispTU+nqsq5XXVw== Sec-WebSocket-Version: 13 Sec-WebSocket-Protocol: ericom|accessnow.3 Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits, x-webkit-deflate-frame User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36 Origin: http://127.0.0.1
- 14. WebSocket Request GET /blaze HTTP/1.1 Host: an.ericom.com Connection: Upgrade Upgrade: websocket Sec-WebSocket-Key: oY+dTudispTU+nqsq5XXVw== Sec-WebSocket-Version: 13 Sec-WebSocket-Protocol: ericom|accessnow.3 Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits, x-webkit-deflate-frame User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36 Origin: http://127.0.0.1
- 15. WebSocket Request GET /blaze HTTP/1.1 Host: an.ericom.com Connection: Upgrade Upgrade: websocket Sec-WebSocket-Key: oY+dTudispTU+nqsq5XXVw== Sec-WebSocket-Version: 13 Sec-WebSocket-Protocol: ericom|accessnow.3 Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits, x-webkit-deflate-frame User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36 Origin: http://127.0.0.1
- 16. WebSocket Response HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept:kgTM0bjagqwcNTJaj/VZZZZCJ5Q= Sec-WebSocket-Protocol:ericom|accessnow.3
- 17. WebSocket Response HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept:kgTM0bjagqwcNTJaj/VZZZZCJ5Q= Sec-WebSocket-Protocol:ericom|accessnow.3
- 18. WebSocket Response HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept:kgTM0bjagqwcNTJaj/VZZZZCJ5Q= Sec-WebSocket-Protocol:ericom|accessnow.3
- 19. WebSocket Response HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: kgTM0bjagqwcNTJaj/VZZZZCJ5Q= Sec-WebSocket-Protocol: ericom|accessnow.3
- 20. Packet Oriented Protocol ● After handshake, protocol is sequence of packets ● Packets comprised of header + payload ● Several packet types ● Peers receive full data packets payload o Not partial packets / bytes o Not control packets
- 21. WebSocket Packet Minimally framed: small header + payload 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 F I N R S V 1 R S V 2 R S V 3 opcode(4) M A S K payload len(7) extended payload len(16/64) extended payload len continued(16/64) masking key(0/32) masking key continued payload ...
- 22. Packet Opcodes (Types) 0 - continuation frame 1 - text frame (UTF-8) 2 - binary frame 3-7 - reserved (data) 8 - connection close 9 - ping 10 - pong 11-15 - reserved (control)
- 23. WebSockets vs HTTP Bandwidth
- 24. Simple JavaScript Example var ws = new WebSocket("ws://..."); ws.onopen = function () { ws.send("hello"); }; ws.onmessage = function (event) { console.log(event.data); };
- 25. Growing Support ● Browsers o Everybody! ● Webservers o Most everybody! ● Firewalls o Often just works ● SSL VPN o Juniper, Cisco, CheckPoint, …
- 26. Benefits of SSL VPNs over VPNs For Web protocols: HTTP and WebSockets ● No client-side installation ● No client-side configuration ● Any client device
- 27. WebSockets For Native Apps ● .NET (4.5) WCF support ● Java EE (JSR-356) ● C/C++ - several Open Source implementations ● PHP - Rachet ● Node.js - multiple libraries
- 28. WebSockets Extensions Utilizing Sec-WebSocket-Extensions in Request/Response Headers: 1. Compression (deflate) 2. Multiplexing
- 29. What If It Doesn’t Connect? ● Use standard ports: 80, 443 o Or standard alternate ports: 8080, 8443, 8008 ● Use SSL, with proper certificates ● Upgrade SSL VPN, Firewall, … ● Disable anti-virus o Or exception, or disable packet inspection ● Fallback to HTTP / HTTPS
- 30. Future Protocol For Everything? No, primarily when UDP is required ● Streaming Video or Video Conferencing ● Remote access over bad connections (“Framehawk” scenario)
- 31. The Future, Future Protocol ● For UDP: WebRTC with data-channels o Use WebSockets as fallback ● For TCP: WebSockets o Use HTTP / HTTPS as fallback ● HTTP / HTTPS for RESTful APIs
- 32. Summary WebSockets couple the performance and flexibility of TCP with the reach of HTTP Prediction: WebSockets will replace simple TCP as preferred underlying protocol Existing protocols wrapped in WebSockets
Editor's Notes
- #4: First released as part of Windows NT 4.0
- #6: RD Gateway now also tries UDP and falls back to HTTPS
- #16: Origin can only be trusted with web clients (how do you know if it’s a web client?)
- #22: Header size: 2 - 14 bytes Length: 0-125 (7 bit) 126 + 16 bit 127 + 64 bit For security reasons a client MUST mask all frames that it sends to the server. The server MUST close the connection upon receiving a frame that is not masked. A server MUST NOT mask any frames that it sends to the client. A client MUST close a connection if it detects a masked frame. Masking is required to avoid proxy cache poisoning
- #24: Source: Microsoft Comparison of the unnecessary network throughput overhead between the polling and the WebSocket applications
- #25: Additional events: onclose and onerror
- #26: SSL encrypted WebSockets have better chance of making it through
- #29: The client initiates the negotiation by advertising the permessage-deflate extension in the Sec-Websocket-Extensions header. In turn, the server must confirm the advertised extension by echoing it in its response. Both client and server can selectively compress individual frames: if the frame is compressed, the RSV1 bit in the WebSocket frame header is set
- #30: Or is very slow
- #32: WebRTC data-channels utilize SCTP - Stream Control Transmission Protocol https://en.wikipedia.org/wiki/Stream_Control_Transmission_Protocol