Due to work needs, I spent nearly two months to understand the MSN Protocol, through a long time packet capture and try to implement, I will summarize some of the design ideas of the MSN server side as follows.
As a server design, several important issues are: (I hope you can correct them)
1. Security
2. Concurrent service capability
3. Linear Performance Improvement
I. Security
Server Security consists of two parts: one is the security of the server's hardware and software configurations, such as preventing system vulnerabilities; the other is the security design of the server and client communication protocols, prevents password leakage and illegal server attacks by means of the Protocol.
In the protocol, the MSN password is transmitted to the server through SSL; I am not very familiar with the internal details of SSL, but obviously, after the password is transmitted to the server through SSL, is obtained in plaintext, so the security depends on the SSL itself. In this regard, I prefer Yahoo's design. The password is not transmitted in plain text or any encrypted ciphertext, but is combined with the session and password returned by the server, the MD5 ciphertext cannot be decrypted in the reverse direction. It is meaningless to intercept such encryption results by any third party, because it is impossible to analyze the original password from such ciphertext.
In my opinion, in the transmission protocol, the password must be combined with a random seesion negotiated by the server, encrypted in an unrecoverable way, and transmitted to the server, the server is also encrypted in the same way according to the session and passowrd, And the encrypted results are compared to verify the validity of the user.
In terms of the security of software and hardware systems, I think we should try our best to remove unnecessary software and other modules from the system and retain the minimum kernel required for running the server system; at the same time, a server should only provide the services required by the server. No redundant network ports are opened, and the Telnet mode is disabled, while more secure SSH is used for remote management.
Ii. Concurrent service capability
The concurrent service capability of the server is an important part of the server program design.
1. The performance design of server software on a single server should consider the following issues:
Data Copying
Memory Management
Lock control between threads
Data copy:
Generally, avoiding data copying is a headache. In my daily work, I try to limit the buffer pointer scope to a certain scope. If I need to use it outside the scope, I usually copy the data, this can avoid the headache of Memory leakage. Once a piece of memory is used in Multiple scopes or out of the scope allocated to the memory, it is easy to figure out when to release the memory.
A better way is to use the reference counting technology used in COM to give the memory release time to its own management; that is to say, to encapsulate the memory into a struct or class, you can manage your use. Once you find that no one is using it, you can release it.
Memory Management:
Memory Processing is also a very important part. The frequent New/delete memory will cause a large number of fragments in the memory, which has a great impact on the performance of the server software; in general, we can apply for a relatively large memory area at the beginning, and then manage it by ourselves, dividing the memory into many small blocks (64b/128b/256b ), then, allocate the appropriate memory area as needed. In this way, the system does not need to apply for memory every time, and the possibility of Memory leakage is limited to a very small range (the memory leakage should be solved ).
In addition, after we use some objects, we can temporarily not release them from the memory, but mount them to a list. Next time for common objects, this fast memory can be fully reused. This is also a way to reduce the number of memory allocations. However, this may result in a very expensive addition and unlocking.
Lock control between threads:
The lock control is involved mainly because of the Sharing Problem. There are two types of sharing: one is the code sharing part and the other is the data sharing part. The main task is data sharing. However, there is no good solution. The only solution is to check whether this sharing is really necessary. The data can be divided into two parts to form a non-shared one.
Of course, I don't know what the soft boss has done.
3. Linear Performance Improvement
This mainly means that the service capability of the server group can be linearly improved by adding servers. This requires that the server's service capability sharing be balanced to achieve a good load balancing. The new server can be balanced by the Server Load balancer server to allocate services.
Of course, this is also designed for Server Clusters and Database Server clusters. I want to find a dedicated time to study these issues.
In this regard, Microsoft's design philosophy is a good embodiment of this principle, able to give the load balancing to the new server.
MSN Authentication servers and chat servers are separated. That is, each Chat Day, you need to apply for a chat server address from the authentication server, and then invite the other party to join the chat server through the authentication server, this ensures that the chat user will be on the same server, no need to go to the database server to find the address of the other party, and also avoid server data synchronization problems.
If a new server is added, the server can provide reliable services to clients unrelated to other servers as long as it is registered on the server Load balancer server, of course, the service capability of the group is linearly improved.
This article is intended for communication with friends. Please kindly advise on the content that is inappropriate :)