
The Backend Engineering Show with Hussein Nasser
Welcome to the Backend Engineering Show podcast with your host Hussein Nasser. If you like software engineering you’ve come to the right place. I discuss all sorts of software engineering technologies and news with specific focus on the backend. All opinions are my own.
Most of my content in the podcast is an audio version of videos I post on my youtube channel here http://www.youtube.com/c/HusseinNasser-software-engineering
Latest episodes

Jul 15, 2019 • 48min
Episode 102 - The Evolution of HTTP (HTTP 1.0, 1.1, HTTP/2, HTTP/3)
The podcast delves into the evolution of HTTP protocols from 1.0 to HTTP/3 over QUIC, showcasing enhancements like compression, multiplexing, and server push. It also covers the components of an HTTP request, status codes, and headers, offering insights into the development of client-server models.

Jul 4, 2019 • 22min
Episode 101 - NAT Network Address Translation
NAT (network address translation) is the process of mapping an IP address or IP:port pair to another IP address or IP:port pair. You might be wondering what a software engineer like me is doing making a video on a low-level networking concept. I have good reasons for that. NAT was originally designed to work around the limited number of IPv4 addresses, but it has since been used for port forwarding and for layer 4 load balancing through a virtual IP address, as in HAProxy. That's why I decided to make a video about NAT from a software engineer's view. In this video we will explain how NAT works and we will explain its applications.

Jun 29, 2019 • 31min
Episode 100 - TCP Tunneling
Tunneling protocol
TCP tunneling
Tunneling is the process of encapsulating content from a protocol A into another protocol B, usually because protocol A is blocked or unavailable. In this video we will explain how TCP tunneling works, the applications of TCP tunnels and the pros and cons. Coming up!
* TCP Tunneling
* Applications
* Pros and Cons
TCP Tunneling
Here is how TCP Tunneling works.
Let's say your goal is to access a website that your ISP proxy blocks, www.server2.com, which is hosted on Server2 on port 80. Let's say there is another server, Server1, that you have access to, and Server1 has direct access to Server2. If you can get Server1 to make the request to Server2 on your behalf and somehow deliver the results back to you, you have just created a tunnel between you and Server1.
Here is how it actually works.
You create a legit TCP connection over a known protocol such as SSH between you and Server1. You then create a TCP packet that is intended for Server2, so you tag it with Server2:80. Then you package that packet into another TCP packet intended for Server1! Huh! Server1:22. You then forward the packet over. Your ISP police will see that there is a packet intended for Server1 on port 22. The proxy approves it and forwards it over, not knowing that you are smuggling content in that packet. The proxy also can't look at the content because it's encrypted with RSA. Server1 unpacks the package, decrypts it and discovers that it is another TCP packet. Here is where the shady stuff happens. Server1 now looks and sees that the smuggled package is intended for Server2:80, creates a connection and delivers the package to it. It changes the source IP to itself and somehow keeps track of that. Once it receives the response package, it knows that this package has to go back through the tunnel. The client now has access to the blocked site! What does this look like, guys? Yes, you guessed it: it's a VPN.
It’s literally like smuggling content inside a package 📦 that looks legitimate.
Server1 and Server2 can be the same server.
There are many types of tunneling:
* Local port forwarding: remote connection
* SOCKS proxy: forward pretty much anything (VPN)
* Reverse tunneling: expose a local web server publicly
Applications
* VPN
* Securing an insecure connection
* Anonymity
* Bypass firewall
* SOCKS 4 proxy: redirect all your traffic, regardless of the port, to an internal proxy which tunnels it (dynamic port forwarding)
Pros
* Secure connection
* Access blocked services
* Anonymity
* Expose internal traffic
Cons
* TCP meltdown (TCP over TCP)
* Slow retransmission
* Stateful
Local port forwarding
* Just one app gets forwarded when the local port is requested
SOCKS
* All apps go through the proxy
HTTP tunneling
TCP VS UDP 1:00
11:00 OSI model
15:40 private vs public ip
18:35 proxy vs reverse proxy
24:30 TLS
11:20 local
16:20 reverse
20:40 socks

Jun 23, 2019 • 25min
Episode 99 - TLS
TLS, which stands for Transport Layer Security, is a protocol for securing communication between client and server, specifically for HTTPS. That's what the S stands for.
In this video, we will learn how insecure vanilla HTTP works, then HTTPS, then how HTTPS is made possible by Transport Layer Security, and finally we will talk about the improvements in 1.3, which was published in August 2018.
Vanilla HTTP
HTTPS
TLS 1.2 handshake
TLS 1.3 enhancements
Vanilla HTTP
Before we discuss TLS, HTTPS or anything else, let's go through how an HTTP request works. You type www.husseinnasser.com in the browser and the OSI magic kicks in: the client figures out the IP address of husseinnasser.com by calling DNS, which uses UDP. Then the HTTP application layer makes a GET / request, passing in the IP address and port 80 (the default for insecure HTTP). This creates an underlying TCP connection. The GET / string, among other stuff, is put into the packet and sent over. TCP does its thing, the server receives GET / and calls the appropriate process at the backend, which could just return index.html, set the content type to text/html and send a big response back to the client. All of this is obviously plain text with no encryption of any kind, and if you watched the OSI video we made you can tell that people can sniff/snoop packets and get packets they aren't supposed to get.
HTTPS
HTTPS works by negotiating a symmetric key so that both sides can secure their messages. Watch the video we did on encryption. Before we jump to the GET request there is a handshake 🤝 that must occur between the client and server. The tricky part is exchanging that key. Everything else is the same as above, except the port is 443 instead of 80. Remember that once we lose the TCP connection we will have to renegotiate the key. But the beauty of this is that HTTP is stateless, so it keeps working just fine.
TLS handshake 🤝
The original TLS handshake involves 4 roundtrips. It starts with a client hello, in which the client lists the encryption algorithms it supports (both symmetric and asymmetric). The server receives the request, then replies with the server certificate, which includes the server's public key, and also with the encryption algorithms that they will change to. The client receives the server hello, generates the premaster key, encrypts it with the server's public key, then sends it over. The server decrypts the message, gets the premaster key, generates the symmetric key and finally tells the client that we are good to go.
TLS 1.3
TLS 1.3 involves much shorter and much more secure communication, using only Diffie-Hellman as the key exchange and just two round trips.
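The two key exchanges described above, side by side, as an added example (not code from the podcast). It uses Node's built-in crypto module; the function names are hypothetical and HKDF stands in for the real TLS key schedule.

```javascript
const nodeCrypto = require('node:crypto');

// Simplified stand-in for the TLS key schedule (assumption: real TLS uses
// its own PRF/HKDF labels). Mixes the shared secret with both hello randoms.
function deriveSessionKey(secret, clientRandom, serverRandom) {
  const salt = Buffer.concat([clientRandom, serverRandom]);
  return Buffer.from(nodeCrypto.hkdfSync('sha256', secret, salt, 'demo session key', 32));
}

// TLS 1.2 style: the client picks the premaster and sends it encrypted
// under the public key from the server certificate.
function rsaKeyTransport() {
  const server = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const clientRandom = nodeCrypto.randomBytes(32);
  const serverRandom = nodeCrypto.randomBytes(32);
  const premaster = nodeCrypto.randomBytes(48);
  const onTheWire = nodeCrypto.publicEncrypt(server.publicKey, premaster);
  const serverCopy = nodeCrypto.privateDecrypt(server.privateKey, onTheWire);
  const clientKey = deriveSessionKey(premaster, clientRandom, serverRandom);
  const serverKey = deriveSessionKey(serverCopy, clientRandom, serverRandom);
  // No forward secrecy: the recorded ciphertext plus the long-term private
  // key is enough to rebuild the session key at any later time.
  const later = nodeCrypto.privateDecrypt(server.privateKey, onTheWire);
  const rebuilt = deriveSessionKey(later, clientRandom, serverRandom);
  return { clientKey, serverKey, recoverableFromRecording: rebuilt.equals(clientKey) };
}

// TLS 1.3 style: both sides create throwaway X25519 key pairs and only the
// public halves cross the wire. The secret itself is never transmitted.
function ephemeralDiffieHellman() {
  const client = nodeCrypto.generateKeyPairSync('x25519');
  const server = nodeCrypto.generateKeyPairSync('x25519');
  const clientRandom = nodeCrypto.randomBytes(32);
  const serverRandom = nodeCrypto.randomBytes(32);
  const clientSecret = nodeCrypto.diffieHellman({
    privateKey: client.privateKey, publicKey: server.publicKey });
  const serverSecret = nodeCrypto.diffieHellman({
    privateKey: server.privateKey, publicKey: client.publicKey });
  return {
    clientKey: deriveSessionKey(clientSecret, clientRandom, serverRandom),
    serverKey: deriveSessionKey(serverSecret, clientRandom, serverRandom),
  };
}

const rsa = rsaKeyTransport();
const dh = ephemeralDiffieHellman();
console.log('RSA: keys match', rsa.clientKey.equals(rsa.serverKey),
  '| rebuilt from recording', rsa.recoverableFromRecording);
console.log('DH:  keys match', dh.clientKey.equals(dh.serverKey));
```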

Jun 16, 2019 • 23min
Episode 98 - Encryption
Encryption is the process of scrambling data to protect personal files, secure communication, hide identities and much more.
In this video we will learn about the different types of encryption. We will talk about symmetric encryption, asymmetric encryption, what they are used for and the pros and cons of each one.
Symmetric encryption
Asymmetric encryption
Pros and cons of symmetric vs asymmetric
Symmetric encryption
We might as well just call it classic encryption, I would argue, and I think this is the first encryption known to us. If I have something I don't want anyone to see, I use a lock and key to lock it. Only I can open it, unless someone else has the key.
The key you use to encrypt is the same key you use to decrypt.
Examples
Examples of popular symmetric-key algorithms include:
* AES (Rijndael)
* Twofish
* Serpent
* Blowfish
* DES and 3DES
* CAST5, Kuznyechik, RC4, Skipjack, Safer+/++ (Bluetooth), and IDEA
Asymmetric encryption
We had symmetric encryption for a long time. Then the internet and networking came along and we needed to encrypt messages going back and forth. We said cool, let's use AES. Then we said wait a second... the other computer doesn't really have my key, so we need to encrypt it.
Also called public-key encryption
1977
Rivest–Shamir–Adleman (RSA)
Diffie–Hellman key exchange protocol
DSS (Digital Signature Standard), which incorporates the Digital Signature Algorithm
ElGamal
Various elliptic curve techniques
Various password-authenticated key agreement techniques
Paillier cryptosystem
RSA encryption algorithm (PKCS#1)
Cramer–Shoup cryptosystem
YAK authenticated key agreement protocol

Jun 16, 2019 • 25min
Episode 97 - Bandwidth
Bandwidth explained from a software engineer's point of view
Bandwidth is measured by how many bits a device is allowed to send/receive in a second. It ranges from your internal network, starting at the network card, all the way to your ISP internet speed. In this video we will discuss the definition of bandwidth, upload vs download speed, the different usage patterns for normal web browsing, streaming, gaming, media production, cloud web servers etc., and finally we will show an example of the whole thing.
When your ISP gives you 80Mbs download/1Mbs upload bandwidth, this means 80 megabits download, which means your router (and all your devices) can receive (download) a total of 80 megabits in a second at a time, and it can send (upload) 1 megabit in a second. With your ISP you can pick and choose the plan that fits your usage.
Usage patterns
Web Browsing
Most people download far more than they upload, so the download bandwidth matters more than the upload bandwidth. For simple web browsing the incoming download traffic is slightly larger than the outgoing traffic. You make a GET request to pull index.html and you get back the HTML content. Yes, there are some images, but that is still not much incoming traffic.
Streaming
Think about it: when you watch a movie on Netflix you make a small request, usually a few hundred bytes, but the data you receive (download) is huge. So streaming is constant large incoming data, while outgoing traffic stays minimal.
Gaming
The bandwidth for gamers is really interesting, especially for those who play online, and it really depends on the game. A game might use the server authoritative model, where all the online players send their inputs and receive the final game state changes from the server. In that case there is a constant upload, still minor, but the download bandwidth is larger since the state is usually bigger. Games can also use the lock state model or the client authoritative model, where all the clients send their inputs to the server and the server just sends all the inputs from all players back to everyone, so everyone calculates the game state locally. In this efficient model both the upload and the download are quite small, and it is good for countries with low bandwidth.
Some games require cloud saving which means upload speed is recommended.
In general latency is much better in gaming.
Media production
Say you are a YouTuber and you make 5 videos a day, so you need to upload a lot of data to the YouTube server. Upload speed really matters, and download speed also matters because you will also consume a lot.
Web servers
Netflix (which is hosted on Amazon) uploads far more data than it downloads, so its upload bandwidth is larger than its download bandwidth. All those movies and TV shows are pushed to consumers.
Example
Assume you have a bandwidth of 80mb/s download (which is 10 megabytes per second) and 1mb/s upload (which is 125 KB per second). You are connected to a web server which has 80Gb/s upload and 80Gb/s download bandwidth, which is 10 gigabytes per second. Let's say you want to download a 60GB file or movie (no streaming). It will take the server 6 seconds to upload that file, however it will take you 1.7 hours to download it. Your ISP That is not entirely true though for TCP, which implements congestion control. UDP does not implement congestion control.

Jun 16, 2019 • 23min
Episode 96 - Denial of Service
Denial of Service attacks
DoS (denial of service) attacks are a type of attack on a server that prevents users from consuming a particular service, usually an HTTP web server. This can happen either by saturating the bandwidth of the pipe going to the server or by bringing the server down to its knees so it stops taking requests altogether. In this video we will learn about 3 different types of DoS attacks and explain each one by example.
Bandwidth based DOS 2:15
DoS: sending a huge amount of data to a server with lower bandwidth from a client with higher bandwidth ends up saturating the server's pipe and queuing up future requests; new requests will have to wait or may be denied service. For example, the attacker has 100mb/s of bandwidth (upload) and the server has 10Mb/s download. If the attacker starts sending 100 mb worth of data to the server, it will take 1 second to leave the attacker's pipe. However, the server can only download 10 mb each second for processing because that's its bandwidth, so it needs 10 seconds to completely download that 100mb and process it. During those 10 seconds the server is fully busy serving just 1 client. Other requests will not even be able to reach the server; they might get queued and may never be executed, and are thus denied service. It is important to know that the server must have an endpoint that actually accepts such large data, like a file upload with no limit. Another example is UDP, where there is no connection.
DDoS: the previous scenario is less likely, since servers usually have much more bandwidth than a single computer. A common attack is to do a DoS in a distributed manner. Assume a server with 1 Gb and a client with 10 mb/s. No matter how much data the client wants to send, it can only send 10mb per second, and the server can go through that real quick. For example, if the client sends 1GB, it leaves the client's pipe in 100 pieces (10mb each), which means the client takes 100 seconds just to upload all the data because it can only send 10 mb each second. The server processes each second's worth so fast that it still has enough bandwidth to process other requests (1000-10). But imagine 100 users with a 10 mb connection each, all coordinating to send 1 Gb worth of data to the server at the same time (it is critical that it's at the same time). At 100x10 each second they can send 1 Gb in total to the server, and the server can only process 1 GB per second, so it will not be able to process any other requests because its bandwidth is saturated processing this 1 GB from different places. Make it 200 users and you just clogged the pipe.
Max connections based DOS 10:13
Another type of denial of service attack is to somehow force the server to reach its max connections. The web server usually sets a maximum number of TCP connections so that it doesn't run out of memory. An attacker can perform a DoS attack to force the server to reach its max connections. Once it does, it won't accept any more connections and thus denies service to future requests. However, it is not easy: web servers have good preventive measures to minimize unnecessary TCP connections, so you cannot just establish a connection and ghost the server. This isn't your ex boyfriend. The server has good timeouts for connections that are idle, terminated or potentially harmful. However, one possible attack is to establish a connection but send the data slowly, so that whenever the server is about to time out, the timeout is immediately reset and the connection is kept alive! Assuming the max TCP connections is 200, run your script 200 times and you have just created 200 connections to the server, so no new connection can connect.
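Why an idle timeout alone does not stop the slow sender described above, and how an absolute per-request deadline does, as an added example (a model of the server's timer logic, not code from the podcast). The policy field names and the sample timelines are constructed for illustration; times are in seconds.

```javascript
// When would the server close the connection if no more bytes arrived?
function nextExpiry(lastActivity, policy) {
  const idleAt = lastActivity + policy.idleTimeout;
  const deadline = policy.requestDeadline ?? Infinity; // absolute, never reset
  return idleAt <= deadline
    ? { at: idleAt, reason: 'idle-timeout' }
    : { at: deadline, reason: 'request-deadline' };
}

// events: sorted [{ t, bytes }] received on a connection accepted at t = 0.
function simulateConnection(events, requestSize, policy) {
  let received = 0;
  let lastActivity = 0;
  for (const { t, bytes } of events) {
    const expiry = nextExpiry(lastActivity, policy);
    if (t >= expiry.at) return { outcome: 'closed', ...expiry };
    received += bytes;
    lastActivity = t; // every byte received resets the idle timer
    if (received >= requestSize) return { outcome: 'served', at: t };
  }
  return { outcome: 'closed', ...nextExpiry(lastActivity, policy) };
}

// How many connection slots are still occupied at time `now`?
function slotsHeldAt(now, clients, requestSize, policy) {
  return clients.filter(
    (events) => simulateConnection(events, requestSize, policy).at > now
  ).length;
}

// Constructed sample: a 500-byte request trickled in at 1 byte every 5 s,
// and a normal client that sends the whole request at once.
const trickle = Array.from({ length: 100 }, (_, i) => ({ t: 5 * (i + 1), bytes: 1 }));
const normal = [{ t: 0.2, bytes: 500 }];
const slowClients = Array.from({ length: 200 }, () => trickle); // 200 = max connections in the text

const idleOnly = { idleTimeout: 10 };
const withDeadline = { idleTimeout: 10, requestDeadline: 30 };

console.log(simulateConnection(trickle, 500, idleOnly));     // held until the sender stops
console.log(simulateConnection(trickle, 500, withDeadline)); // cut off at the deadline
console.log(simulateConnection(normal, 500, withDeadline));  // unaffected
console.log(slotsHeldAt(60, slowClients, 500, idleOnly), 'slots held at t=60, idle timeout only');
console.log(slotsHeldAt(60, slowClients, 500, withDeadline), 'slots held at t=60, with deadline');
```

In Node's own HTTP server the corresponding settings are `server.headersTimeout` and `server.requestTimeout`.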
Vulnerability based DOS 16:30

Jun 2, 2019 • 40min
Episode 95 - TCP vs UDP
TCP and UDP are communication protocols that allow us to send and receive data in a network. We have both for a reason, since each has its advantages and disadvantages. In this video we will talk about the two protocols and the pros and cons of each one, and we will write a TCP and a UDP server with Node.js, showing you these in ACTION. Coming up!
Code!
https://github.com/hnasr/javascript_playground/tree/master/tcp
Jump Codes 🏷
tcp pros cons(4:12)
Tcp demo (19:00)
Udp pros cons (24:25)
Udp demo (31:25)
Summary (35:40)
Explain TCP
Pros:
* Acknowledgment
* Guaranteed delivery
* Connection based
* Congestion control
* Ordered packets
Cons:
* Larger packets
* More bandwidth since more headers
* Slower (because of retransmission)
* Stateful: once the connection is lost it's lost, you cannot resume it
TCP Example (Code)
telnet 127.0.0.1 8080
Explain UDP
Pros:
* Stateless
* Less bandwidth
* Smaller packets
* Faster to transmit
Cons:
* No ack
* No guaranteed delivery
* No congestion control
* No ordered packets
UDP client
echo "foo" | nc -w1 -u 127.0.0.1 41234
2:24 osi model tag
14:20 stateful vs stateless video

May 26, 2019 • 22min
Episode 94 - When to use GET vs POST?
GET and POST are the most popular HTTP methods used on the web. Each has its own differences and properties. It can be confusing to choose when to use POST over GET. In this podcast we will explain the differences, use cases and benefits of using GET and POST.

Mar 16, 2019 • 17min
Episode 93 - Microservices
Microservices (Explained by Example)
Microservices technology is a new pattern of software engineering that has been popularized recently. In this video we will explain what microservices are and their pros and cons, by example.
A lot of companies, such as Twitter and Netflix, moved to the microservices architecture in the early 2010s.
Microservices technology is a pattern where you break down a big application into smaller services, and what was previously a function call is now a network call (GET or POST) through HTTP.
In order to explain what microservices are, we need to explain what a traditional, classical application looks like. Here is an example...
Instagram
View Picture, list comments, likes and Picture and Location.
Picture
Likes
Comments
Picture API (Thumbnails)
Likes API
Comments API Most popular comments
Pros:
Polyglot architecture
Easy scaling for microservices that need scaling.
Better team management, each microservice is a team
Easier to innovate in certain areas.
Each microservice can pick its own database
Scale busy services instead of the entire system
Cons:
Very complicated to implement: network calls, service discovery
Very difficult to debug
Hard to find where the fault is
Network calls can fail, which adds complexity.
5:00
6:50 proxy vs reverse