http2

Daniel Stenberg, June 12th 2014

Agenda

✗ HTTP today

✗ http2 fundamentals

✗ what http2 improves

✗ implementations

✗ future

Daniel Stenberg

Email: daniel@haxx.seTwitter: @bagderWeb: daniel.haxx.seBlog: daniel.haxx.se/blog

network hacker at

Please ask!

Feel free to interrupt and ask at any time!

Today

•HTTP 1.1 for everything, huge investments done on top

•The HTTP protocol not as small and easy as once imagined

•Numerous optional parts never implemented widely•HTTP 1.1 does not use TCP optimally•The web has changed significantly since 1997

Requests and payloads grow

connections per page

Average number of TCP connections used to show the front page of the most popular 300,000 sites:

37

Latency kills

Head of line blocking

Pipelining is a troubled child

Things done to overcome RTT pains

Facing problems, creative people find work-arounds

Spriting

Send one big image and use parts of it for different things

Inlining

•data: urls instead of sprites•CSS graphics

.icon1 { background: url(data:image/png;base64,<data>) no-repeat;}

.icon2 { background: url(data:image/png;base64,<data>) no-repeat;}

Concatenation

•Merge multiple javascript files into one big monster•Too much data when only little is needed•Too much to reload when a change is needed•Annoyance for developers

Sharding

•Browsers use 6-8 connections per host•Sites use many host names to allow even more connections

•Still suffers from head of line blocking

So let's...

•Make a protocol less RTT sensitive•Fix pipelining and head of line blocking•Stop the need for ever increasing the number of connections

•… while keeping all “interfaces”

Based on fun with SPDY

•Google driven•Google servers•Google Chrome•Spearheaded the concepts that lead to http2•IETF wanted http2 and SPDY proved to work•SPDY/3 basically became http2 draft-01

Enter http2

•It has to maintain HTTP paradigms•http:// and https:// URLs cannot be changed•HTTP1 servers and clients will be around for decades

•Proxies must be able to convert 1:1•No more optional parts•No more minor version!

Who's making http2 then?

•The IETF...•… working group called HTTPbis ...•… was set out to create an update to HTTP 1.1 ...•… and has continued on to work on http2

How do “normal URLs” work?

Http2 for https://

•Clients use a TLS extension to tell the server what protocol it wants. HTTP1.1, http2, or …

•The selected extension is called ALPN, Application Level Protocol Negotiation.

•NPN was used for SPDY•But...•http2 over TLS has a higher success rate

Http2 for http://

•Clients asks for an upgrade in their HTTP1.1 request using Upgrade:

•A http2 server can then respond “101 Switching” and return a http2 response

•The Chrome and Firefox teams will not do plain text http2

•Internet Explorer will do plain text http2•Infected area

“Opportunistic Encryption”

•Really “Opportunistic Security”•Allows HTTP to transparently use unauthenticated TLS

•ALTSVC enables this•ALTSVC also helps long lived sessions “stuck” on a single server

•HTTP:// URLs over TLS will never be “secure” nor feature the padlock

•Wildly debated. Does it prevent HTTPS adoption or does it help HTTP?

How's the new protocol?

Binary

•No more telnet tricks•Easier framing•TLS and compression anyway...•Wireshark inspector•A handful set frame types, like HEADERS and DATA

Header compression

•HTTP headers are big and are growing•HTTP 1 had no header compression•TCP slow start and initial window size•Headers are notoriously repetitive•Cookies•HPACK•Not a CRIME victim•Padding

Multiplexed (1/2)

•Multiple streams over a single physical connection•Number of parallel streams set by client

Multiplexed (2/2)

Flow control

•Each stream is individually flow controlled•After a default window, they must be given more•Especially useful in proxy cases

change your mind

•In HTTP1 you had to keep receiving or keep sending to maintain the connection

•Leads to data traffic and RTT “waste” every now and then

•In HTTP2 all streams can be cut off at any time

Server push

•HTTP 1 is only client to server requests•Push is a request initiated from the server end•Like a CSS for a HTML page•If allowed by client•RST_STREAM if not wanted•“Pre-populate the cache”

Priorities and dependencies

•client knows what it wants received first•HTML before images. video frame 1 before video frame 2. Viewable images before non-viewable.

•Switching tabs or scrolling page change what's interesting right now

•Dependencies allow fast re-ordering

Extensible

•New frame types can be introduced•Unaware implementations must ignore the new frames

•Discussed extensions include...

•BLOCKED

•ALTSVC

How will http2 affect ordinary humans?

•A better web experience!

•Lower RTT

•Faster page loads

•How much faster?

•We'll find out!

How will http2 affect web development?

•Many “tricks” for HTTP1 performance probably hurt http2 performance

•Tools and authors need to do separate tweaks to optimize

•It will take some time before sites will truly utilize http2's capabilities

Implementations

•Firefox•Twitter•Chrome•curl + nghttp2•Wireshark•Lots of more•Apache•nginx•proxies!

Schedule

•http2 last inter-op met in NYC in June•draft 13 on Friday, June 13•Wide scale deployments planned for autumn 2014•http2 RFC in Q1 2015•Join in and help out!

Will http2 become widely deployed?

•“Look at IPv6”•For some use cases, http2 is not a major boost compared to version 1

•SPDY showed fast growth can happen•Major browsers are on the train•Major services already did SPDY and are likely to go http2. Google, twitter, Facebook, ...

http2 in Firefox

•“about:config”•network.http.spdy.enabled.http2draft•https://twitter.com

http2 in Chrome

•Chrome Canary•--enable-spdy4

http3

•http2 is a foundation for the future•Time to drop legacy HTTP work-arounds?

Thank you!

http2 explained: http://daniel.haxx.se/http2

Doing good is part of our code

Credits

•Inspiration and http2 Lego image from Mark Nottingham: http://www.mnot.net/talks/http2-n-you/

•HTTP trend image and stats from http://httparchive.org

•RTT graph by Mike Belshe

License

This presentation and its contents are licensed under the Creative Commons Attribution 4.0 license: http://creativecommons.org/licenses/by/4.0/

This is presentation version 1.1