websockets everywhere: the future transport protocol for everything (almost)
DESCRIPTION
WebSockets couples the performance and flexibility of TCP with the reach of HTTP Prediction: WebSockets will replace simple TCP as preferred underlying protocol. To see how Websockets are used in a popular HTML5-based remote access solution, by visiting the following URL: http://j.mp/1luquBQTRANSCRIPT
![Page 1: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/1.jpg)
WebSockets Everywhere: the Future Transport Protocol for Everything
(Almost)
![Page 2: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/2.jpg)
Dan Shappir
CTO at Ericom Software
@DanShappir
blog: ericomguy.blogspot.com
Six-time BriForum speaker
![Page 3: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/3.jpg)
Remember DCOM?
● Microsoft Distributed COM, circa 1996● General purpose communication layer for
client / server● UDP-based, using ports 1024-5000● COM succeeded; DCOM failed
Can you guess why?
![Page 4: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/4.jpg)
Network Security Realities
● Firewalls/proxies dislike UDP● Firewalls/proxies often dislike TCP● Firewalls/proxies like HTTP (80) and HTTPS
(443)o But dislike most any other port
Stateful Inspection means that just tunneling through ports 80 and 443 isn’t enough
![Page 5: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/5.jpg)
Make Apps Look Like Websites
Use HTTP / HTTPS as an applicative transportExample: RD Gateway (tunnels RDP through HTTPS)
● Web Services● XML and SOAP● RESTful APIs● JSON● AJAX
![Page 6: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/6.jpg)
HTTP Was Designed For Docs Not Apps
● Built on TCP Sockets but ...● Request / Response architecture
o Only client can send Requestso Server can only Respond to Requestso Can’t send another Request before Response
● Header on every Request / Responseo Up to 8KB each
![Page 7: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/7.jpg)
Various Workarounds
COMET● Persistent connections (HTTP 1.1)● Polling● Long Polling● Chunked Response● Multiple channels● Pipelining● Two-way HTTP
![Page 8: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/8.jpg)
Problems With Workarounds
● Hacks: error prone● Complicated● Compatibility issues● Headers overhead
o Especially if contains cookies
![Page 9: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/9.jpg)
Need a Better Solution
Flexibility of Sockets + reach of Web (HTTP)
![Page 10: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/10.jpg)
WebSockets - Sockets for the Web
● Part of HTML5: W3C API and IETF Protocol● Full-duplex, bidirectional communication● Unsecured (TCP) and secured (SSL) modes● Traverses firewalls, proxies and routers● Text (UTF-8) and binary data● Ping/Pong messages for keep-alive● Share ports 80 and 443 with HTTP/HTTPS
![Page 11: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/11.jpg)
WebSocket Connection Process
1. Client opens new TCP connection to Server2. Optional SSL (TLS) handshake3. Client sends HTTP GET Request4. Server sends HTTP Response5. Magic: Client & Server communicate using
WebSocket packets
![Page 12: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/12.jpg)
WebSocket RequestGET /blaze HTTP/1.1Host: an.ericom.comConnection: UpgradeUpgrade: websocketSec-WebSocket-Key: oY+dTudispTU+nqsq5XXVw==Sec-WebSocket-Version: 13Sec-WebSocket-Protocol: ericom|accessnow.3Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits, x-webkit-deflate-frameUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36Origin: http://127.0.0.1
![Page 13: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/13.jpg)
WebSocket RequestGET /blaze HTTP/1.1Host: an.ericom.comConnection: UpgradeUpgrade: websocketSec-WebSocket-Key: oY+dTudispTU+nqsq5XXVw==Sec-WebSocket-Version: 13Sec-WebSocket-Protocol: ericom|accessnow.3Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits, x-webkit-deflate-frameUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36Origin: http://127.0.0.1
![Page 14: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/14.jpg)
WebSocket RequestGET /blaze HTTP/1.1Host: an.ericom.comConnection: UpgradeUpgrade: websocketSec-WebSocket-Key: oY+dTudispTU+nqsq5XXVw==Sec-WebSocket-Version: 13Sec-WebSocket-Protocol: ericom|accessnow.3Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits, x-webkit-deflate-frameUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36Origin: http://127.0.0.1
![Page 15: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/15.jpg)
WebSocket RequestGET /blaze HTTP/1.1Host: an.ericom.comConnection: UpgradeUpgrade: websocketSec-WebSocket-Key: oY+dTudispTU+nqsq5XXVw==Sec-WebSocket-Version: 13Sec-WebSocket-Protocol: ericom|accessnow.3Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits, x-webkit-deflate-frameUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36Origin: http://127.0.0.1
![Page 16: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/16.jpg)
WebSocket ResponseHTTP/1.1 101 Switching ProtocolsConnection: UpgradeUpgrade: websocketSec-WebSocket-Accept:kgTM0bjagqwcNTJaj/VZZZZCJ5Q=Sec-WebSocket-Protocol:ericom|accessnow.3
![Page 17: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/17.jpg)
WebSocket ResponseHTTP/1.1 101 Switching ProtocolsConnection: UpgradeUpgrade: websocketSec-WebSocket-Accept:kgTM0bjagqwcNTJaj/VZZZZCJ5Q=Sec-WebSocket-Protocol:ericom|accessnow.3
![Page 18: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/18.jpg)
WebSocket ResponseHTTP/1.1 101 Switching ProtocolsConnection: UpgradeUpgrade: websocketSec-WebSocket-Accept:kgTM0bjagqwcNTJaj/VZZZZCJ5Q=Sec-WebSocket-Protocol:ericom|accessnow.3
![Page 19: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/19.jpg)
WebSocket ResponseHTTP/1.1 101 Switching ProtocolsConnection: UpgradeUpgrade: websocketSec-WebSocket-Accept: kgTM0bjagqwcNTJaj/VZZZZCJ5Q=Sec-WebSocket-Protocol: ericom|accessnow.3
![Page 20: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/20.jpg)
Packet Oriented Protocol
● After handshake, protocol is sequence of packets
● Packets comprised of header + payload● Several packet types● Peers receive full data packets payload
o Not partial packets / byteso Not control packets
![Page 21: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/21.jpg)
WebSocket Packet
Minimally framed: small header + payload
0 1 2 30 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
FIN
RSV1
RSV2
RSV3
opcode(4)MASK
payload len(7)
extended payload len(16/64)
extended payload len continued(16/64)
masking key(0/32)
masking key continued payload ...
![Page 22: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/22.jpg)
Packet Opcodes (Types)
0 - continuation frame1 - text frame (UTF-8)2 - binary frame3-7 - reserved (data)8 - connection close9 - ping10 - pong11-15 - reserved (control)
![Page 23: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/23.jpg)
WebSockets vs HTTP Bandwidth
![Page 24: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/24.jpg)
Simple JavaScript Example
var ws = new WebSocket("ws://...");ws.onopen = function () {
ws.send("hello");};ws.onmessage = function (event) { console.log(event.data);};
![Page 25: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/25.jpg)
Growing Support
● Browserso Everybody!
● Webserverso Most everybody!
● Firewallso Often just works
● SSL VPNo Juniper, Cisco, CheckPoint, …
![Page 26: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/26.jpg)
Benefits of SSL VPNs over VPNs
For Web protocols: HTTP and WebSockets
● No client-side installation● No client-side configuration● Any client device
![Page 27: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/27.jpg)
WebSockets For Native Apps
● .NET (4.5) WCF support● Java EE (JSR-356)● C/C++ - several Open Source implementations● PHP - Rachet● Node.js - multiple libraries
![Page 28: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/28.jpg)
WebSockets Extensions
Utilizing Sec-WebSocket-Extensions in Request/Response Headers:1. Compression (deflate)2. Multiplexing
![Page 29: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/29.jpg)
What If It Doesn’t Connect?
● Use standard ports: 80, 443o Or standard alternate ports: 8080, 8443, 8008
● Use SSL, with proper certificates● Upgrade SSL VPN, Firewall, …● Disable anti-virus
o Or exception, or disable packet inspection
● Fallback to HTTP / HTTPS
![Page 30: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/30.jpg)
Future Protocol For Everything?
No, primarily when UDP is required● Streaming Video or Video Conferencing● Remote access over bad connections
(“Framehawk” scenario)
![Page 31: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/31.jpg)
The Future, Future Protocol
● For UDP: WebRTC with data-channelso Use WebSockets as fallback
● For TCP: WebSocketso Use HTTP / HTTPS as fallback
● HTTP / HTTPS for RESTful APIs
![Page 32: WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)](https://reader036.vdocuments.net/reader036/viewer/2022062513/554fb0a5b4c9057b298b50b1/html5/thumbnails/32.jpg)
Summary
WebSockets couple the performance and flexibility of TCP with the reach of HTTP
Prediction: WebSockets will replace simple TCP as preferred underlying protocol
Existing protocols wrapped in WebSockets