What Happens When You Type www.habbo.com in Your Browser and Press Enter

You probably have never paused to ponder what processes take place during the temporal isthmus between your pressing the Enter key and the rendering of the www.habbo.com homepage in your browser window. In the case that you have, however, then you've clicked on the right article. From here we'll walk step-by-step through the workings of not just www.habbo.com, but also every other site on the Internet and how they are able to deliver their content to your ravenous eyes.

Domain Names, IP Addresses, and DNS Resolution

The term "IP" is thrown around quite often in the context of computers and networking. I'm not really sure what other contexts it would, honestly. An IP (Internet Protocol) address is a string of numbers assigned to each machine in a network such as the Internet that serves to identify that machine and enable it to be recognized by other machines and systems. You can see what your IP address is here.

Humans are exceptionally good at operating and communicating with words. Our competencies with numbers are abysmal by comparison, and it is this organic weakness that makes memorizing IP addresses such an arduous task for us. This is really inconvenient when we need to tell our web browsers the address of the server we want to request pictures of cats mid-sneeze from and we don't know or can't recall what that address is.

This is where DNS, which stands for Domain Name System and can be seen as a phone book of sorts for websites, comes to the rescue. DNS maps each domain name to an IP address and effectively blurs the language barrier between human and machine.

So you typed the domain name www.habbo.com in your browser and pressed Enter. Let's say you've never had the privilege of visiting www.habbo.com prior to this moment, which means that neither your web browser nor your operating system has the IP address associated with www.habbo.com saved in its DNS cache. Thus begins the search for that address in the process of DNS resolution.

Your operating system goes to the resolver server, which is typically your Internet service provider, to see if it has www.habbo.com's IP address in its cache. If the resolver fails to find it, it will send a cry for help to a root server.

Root servers are at the top of the DNS hierarchy. When your resolver requests that a root server help it find an IP address, the root server is not going to know what that address is, but it will know which top level domain server to tell your resolver to go to next in its quest.

A top level domain refers to the last segment of a domain name, which in the case of www.habbo.com is the "com". Historically they have indicated the purpose of a website, with .com denoting commercial businesses, .org denoting organizations, .gov denoting government sites, and so on. Like the root server, the .com TLD server will not know which address www.habbo.com resolves to. However, it does know the name servers for all domains ending in .com, so it tells your resolver the authoritative name server it should go to next.

Visiting the authoritative name server is the final step in the DNS resolution process. Authoritative name servers, as is implied by their name, are the authority for answers to DNS queries and usually there are multiple of them attached to any one domain. Once your resolver gets the www.habbo.com's IP address from one of the site's name servers, it can finally get back to your operating system and browser and point them to that address. Additionally, the resolver saves that address into its cache so that it won't have to go through all those steps a second time if www.habbo.com is requested again in the future.

A fun comic about DNS resolution, if you want to learn more about it, can be found here.

TCP and IP

Now that you know the IP address that www.habbo.com resolves to, you can finally send it a request using TCP and IP. Before getting into those however, let us briefly examine the OSI (Open Systems Interconnection) Model.

Essentially, the OSI Model is a conceptual model that breaks down the communication functions of a system into seven general layers. These layers are summarized in the following diagram:

We'll focus primarily on the application, transport, and network layers. When you typed the domain name into the search bar of your browser, you interacted with its application layer. The application layer then communicates with the transport layer through a port. If you think about an IP address as the address of an apartment complex, ports and port numbers can be likened to unit numbers within that complex. The various pieces of software installed on the machine are the residents of those units and you can send mail to any one of them granted they are expecting correspondence from you and you know their unit number.

Once the data reaches the transport layer, TCP begins its work by breaking up the data into smaller pieces called packets. The packets are sent individually to the recipient along with a header that details how to piece the packet data back together. Think of the process as kind of like ordering a desk online that you'll have to assemble yourself. The parts of the desk come packaged with instructions so that you, the recipient, will know how to piece them together once they all get to you.

TCP operates under the same idea except the packets may not necessarily come all at once like the desk parts would in the real world. When packets are sent to some address, they go on different routes through the Internet to avoid network congestion and make the data transmission as efficient as possible. TCP also ensures that the recipient receives every packet sent to it by including error-checking information in the header to help the recipient determine whether or not packets were lost or damaged in transit. Thus, upon sending a packet, it will wait for confirmation that it has indeed been received before attempting to send the next one. So it's like each part of the desk was shipped to you separately and through different sorting facilities depending on the volume of mail to be processed at each facility. Additionally, the delivery person asked you to acknowledge your receiving of the package by asking you to sign for it every time and in the case that a part came damaged, you'd get a replacement sent.

One last thing of note in the data transmission process is that, before they are sent to their destinations, packets are pushed to the network layer, which is where IP lives. In a nutshell, IP attaches both the destination and origin address to each packet so that they know where they are going and whence they came. That being so, IP can be thought of as the address and return address on a parcel.

For more information on TCP and IP, refer to this page.

The Load Balancer

As of 2014, Habbo Hotel had about 5 million active users, a number that I imagine has only gone down since then. Even if the amount of users today is just one percent that number, which would be about 50,000, that is still a hefty amount of clients making requests to Habbo. It would simply be too much for one server to handle. Therefore, it would make sense for Habbo to employ multiple servers in their network to handle those requests. Problem solved?

Not quite. Now Habbo has to consider which requests should go to which servers. Queue the load balancer.

A load balancer allows sites to handle more traffic by distributing that traffic across multiple servers. Many sites have dedicated servers to load balancing and the IP address that www.habbo.com resolved to is most likely the address of one of those servers.

The method by which a load balancer directs requests to specific servers depends on the balancing algorithm it has been configured to follow. One of the most common and easiest-to-implement load balancing algorithms is the round robin algorithm, which can be likened to making a move in Mancala. You pick up all the stones in one cup and then place one in each of the following cups in sequence. Similarly, requests are received by the load balancer and then redirected to each server in a cyclical fashion. The first request goes to the first server, the second request goes to the second server, and so on.

Round robin is a solid load balancing algorithm given every server in a cluster has the same capabilities. Let us assume that that's the case for Habbo Hotel's servers. What we cannot assume, however, is the amount of time each user will stay connected to a server. For a virtual world like Habbo Hotel, casual players may only have fifteen minute play sessions while the most hardcore of players can spend hours on end on the site. If it just so happens that a large number of the latter were connected to one particular server, that server would run the risk of overload. Thus, the least connections algorithm would deem more appropriate for Habbo Hotel's needs.

When configured with the least connections algorithm, a load balancer will take into account the number of active connections each server has and redirect each new request to the server with—you guessed it—the least connections. Least connections both mitigates the risk of server overload and keeps servers from idling, making efficient use of the cluster.

There are numerous other load balancing algorithms that have their advantages and disadvantages given factors such as server capacity and user connection time, which you can read more about here.

Security Measures

HTTPS and SSL

Notice how, when you type www.habbo.com into your search bar and hit enter, an https:// is automatically prepended to the domain once your browser gets a hold of the Habbo servers. You can also see a small padlock to the left of it. This indicates that your connection to Habbo Hotel is secure and that no third party can spy on your communications with it.

Before we delve into HTTPS, it is important that we understand HTTP first. HTTP, or Hypertext Transfer Protocol, is used for viewing web pages on the Internet. Though it is one of the most widely used protocols in the world today, HTTP has the very fatal flaw of sending information in clear text, which makes information sent over it vulnerable to man-in-the-middle cyberattacks. In a man-in-the-middle attack, an attacker secretly relays or alters communications between two parties that falsely believe they are communicating directly with each other. This wouldn't be a big deal if no sensitive data such as credit card information is being sent to the site, but Habbo Hotel prompts its users to enter passwords to access their accounts and it would be real problematic if hackers got a hold of those. I don't know what nefarious ends one would want to achieve with a bunch of compromised Habbo Hotel accounts, but the point is Habbo needs to use HTTPS.

HTTPS means Hypertext Transfer Protocol Secure, or Hypertext Transfer Protocol: the Sequel if you will. Essentially, HTTPS encrypts data being sent and retrieved by HTTP so that if some malicious third party were to intercept it, they would only see unintelligible and thus useless gibberish.

The technology underlying HTTPS is SSL, or Secure Sockets Layer, which uses public key encryption to scramble data and hide it as it goes from one computer to another. Not only are keys used for encryption, but they are used as to identify computers as well, which we'll explore as we break down the SSL process.

When your computer connects to a site that's using SSL, your web browser will ask the website to identify itself. The web server will send you a copy of its SSL certificate, which is a small digital certificate used to authenticate the identity and trustworthiness of a website.

To obtain an SSL certificate, the organization behind the site had to have gone to a certificate authority and provided it with information about the web server, what the organization is, where it is located, et cetera. The certificate authority, which from now on we'll abbreviate as CA for brevity's sake, then confirms the legitimacy of this information by checking it against public records before creating and signing the certificate. The certificate itself is created by condensing all the certificate details into a number through hashing. That number is then encrypted with the CA's private key and the certificate gets sent back to the site organization and installed in their web server. It is now ready to use in the secure "handshake" process.

First, both you and server have to agree on how to encrypt their messages. Your computer sends a hello message to the server containing a choice of key exchange methods and ciphers, in addition to a choice of the hash to be used to generate the message authentication code that ensures the integrity of the messages. It also includes the version of SSL in use and a random number that will be used to compute the encryption keys. The server will respond back with its choice of key, cipher, and hash method. It will also send its certificate which will contain information about who the server belongs to, how long the certificate is valid for, and its public key.

When you installed your web browser, it came packaged with root certificates and the public keys of trusted CAs all over the world. When it receives a certificate from a website, it is able to ascertain its signature by comparing its public key to those keys. Your browser will only trust correctly signed certificates and those signed by trusted CAs. Once it determines that you can trust the website and its certificate, it sends a message to the site's web server, to which the server responds with an acknowledgement. This completes the metaphorical digital handshake so that the SSL session can proceed. Any message encrypted with your public key can only be decrypted with your private key, and the same goes for Habbo Hotel's keys. All communications between you and their server are now secure; nobody is going to get a hold of your Habbo Hotel password.

This is, regrettably, a very rudimentary explanation of the handshake process and public key encryption. Going further into the details would warrant the writing of a whole other article and I am honestly in no way qualified to accurately explain it. This article by DigiCert, which itself is a certificate authority, would be a good place to start if you wish to learn more about SSL cryptography.

Firewalls

Security-minded websites that use SSL to protect clients from getting their information compromised will almost certainly have measures in place that protect their servers as well. A firewall, which can be seen as the safety barrier between a private network and the public Internet, achieves just that by preventing bad and malicious traffic from entering a network. Firewalls prevent sensitive data from leaving a network as well, which is especially important to large organizations with sensitive data.

Fundamentally, firewalls work by filtering incoming and outgoing network data. IP addresses, ports, protocols, domain names, programs, and key words can be allowed or blocked according to rules set in an access control list by the network administrator.

There are two main types of firewall: host-based firewalls and network-based firewalls. A host-based firewall is a software firewall that is installed on a computer and protects only that computer. A network-based firewall is a combination of hardware and software that protects an entire network instead of just a single computer. Many websites use both types for the added layer of security and because when it comes to networking, it's generally a good idea to have multiple of everything. In the event that an attacker bypasses the network-based firewall, additional damage to the network can be prevented because each computer still has its own intact host-based firewall.

Getting Site Content to You

Your data has now traveled securely to Habbo's network, been let through their firewall, and been redirected to a server by one of their load balancers. It's finally time to get the website to you and you are ready. You've been waiting milliseconds for this.

A server meant to handle client requests is usually configured to implement the LAMP/LEMP stack. This means that they on top of the Linux operating system, they use Apache or NGINX (the E in the acronym makes sense phonetically) as a web server, MySQL as a database, and PHP or Python for scripting.

Web servers are software such as NGINX and Apache (or hardware dedicated to running that software) that listen for HTTP/HTTPS requests and serve content depending on the request headers. Their primary function is to store, process, and deliver static web pages, but they can also be enabled to receive content from clients which can be used for submitting web forms and uploading files not meant to be stored for future use.

When you request Habbo Hotel's homepage, your request is being handled by the web server because it is a static page wherein HTML is not meant to be generated on the fly. Once your interaction with the page starts going beyond clicking links though, such as when you enter your email and password to log in, your request may be handled by one of Habbo Hotel's application servers.

Application servers are software frameworks that provide both facilities to create web applications and a server environment on which to run them. Their main job is to support the construction of dynamic web pages and generate HTML on the fly depending on the user and the manner of the user's interaction with the page. In addition, they handle all operations between users and a site's backend database, which is a collection of site information (which may include user information) that is organized so that it can be easily accessed, managed, and updated.

The best way to exemplify what an app server does is to think about your Twitter homepage. To generate the feed on your homepage, Twitter has to look through your record in the database to see who you're following and curate your feed to show you only the latest tweets from those you follow. It would not make sense after all for every user on Twitter to see the same feed. Additionally, despite the differences in content for each user, each tweet on one's feed has a uniform appearance and when they scroll to the bottom of their feed, more tweets are rendered on the page automatically without them having to refresh it, which is the app server's HTML templating at work. I would imagine Habbo Hotel does something similar when starting a user's play session by looking through their record in their database to render their avatars, rooms, inventories, friends, etc.

Once the web and/or app server handles your request and sends your content back to you, it renders on your browser and you're ready to Habbo away. You can now do so with the knowledge of how the page gets to you, which I'm sure can land you a Habbo Hotel boyfriend or girlfriend. Good luck out there and, if you find yourself wanting to know more about the processes, please refer to the pages linked previously as a starting point for further learning. Thanks for reading!