http2
DESCRIPTION
A technical description of http2, including the background of HTTP, what's been problematic with it, and how http2 and its features will improve the web. See the document with the complete transcript and more: http://daniel.haxx.se/http2/TRANSCRIPT
http2
Daniel Stenberg, June 12th 2014
Agenda
✗ HTTP today
✗ http2 fundamentals
✗ what http2 improves
✗ implementations
✗ future
Daniel Stenberg
Email: [email protected]
Twitter: @bagder
Web: daniel.haxx.se
Blog: daniel.haxx.se/blog
network hacker at
Please ask!
Feel free to interrupt and ask at any time!
Today
•HTTP 1.1 for everything, huge investments done on top
•The HTTP protocol not as small and easy as once imagined
•Numerous optional parts never implemented widely
•HTTP 1.1 does not use TCP optimally
•The web has changed significantly since 1997
Requests and payloads grow
connections per page
Average number of TCP connections used to show the front page of the most popular 300,000 sites:
37
Latency kills
Head of line blocking
Pipelining is a troubled child
Things done to overcome RTT pains
Facing problems, creative people find work-arounds
Spriting
Send one big image and use parts of it for different things
Inlining
•data: urls instead of sprites
•CSS graphics
.icon1 { background: url(data:image/png;base64,<data>) no-repeat;}
.icon2 { background: url(data:image/png;base64,<data>) no-repeat;}
Concatenation
•Merge multiple javascript files into one big monster
•Too much data when only little is needed
•Too much to reload when a change is needed
•Annoyance for developers
Sharding
•Browsers use 6-8 connections per host
•Sites use many host names to allow even more connections
•Still suffers from head of line blocking
So let's...
•Make a protocol less RTT sensitive
•Fix pipelining and head of line blocking
•Stop the need for ever increasing the number of connections
•… while keeping all “interfaces”
Based on fun with SPDY
•Google driven
•Google servers
•Google Chrome
•Spearheaded the concepts that led to http2
•IETF wanted http2 and SPDY proved to work
•SPDY/3 basically became http2 draft-01
Enter http2
•It has to maintain HTTP paradigms
•http:// and https:// URLs cannot be changed
•HTTP1 servers and clients will be around for decades
•Proxies must be able to convert 1:1
•No more optional parts
•No more minor version!
Who's making http2 then?
•The IETF...
•… working group called HTTPbis ...
•… was set out to create an update to HTTP 1.1 ...
•… and has continued on to work on http2
How do “normal URLs” work?
Http2 for https://
•Clients use a TLS extension to tell the server what protocol they want. HTTP1.1, http2, or …
•The selected extension is called ALPN, Application Level Protocol Negotiation.
•NPN was used for SPDY
•But...
•http2 over TLS has a higher success rate
Http2 for http://
•Clients ask for an upgrade in their HTTP1.1 request using Upgrade:
•An http2 server can then respond “101 Switching” and return an http2 response
•The Chrome and Firefox teams will not do plain text http2
•Internet Explorer will do plain text http2
•Infected area
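The server-side decision behind this upgrade, as an added sketch that is not from the talk: it assumes the h2c token, the HTTP2-Settings header and 6-byte settings entries of RFC 7540 section 3.2 (the drafts current in June 2014 used draft-specific tokens). The helper names headers_of, tokens, decide_upgrade and request are hypothetical, and the requests are constructed.

```python
import base64

# Assumption: the "h2c" token, the HTTP2-Settings header and 6-byte settings
# entries are as in RFC 7540 section 3.2; the 2014 drafts used other tokens.

def headers_of(raw):
    """Parse a raw HTTP/1.1 request head into [(lower-cased name, value)]."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("ascii").split("\r\n")[1:]
    return [(n.strip().lower(), v.strip())
            for n, v in (l.split(":", 1) for l in lines if ":" in l)]

def tokens(headers, name):
    """Comma-separated tokens of every occurrence of a header, lower-cased."""
    values = [v for n, v in headers if n == name]
    return [t.strip().lower() for v in values for t in v.split(",") if t.strip()]

def decide_upgrade(raw):
    """Return (True, SETTINGS payload) to answer 101, else (False, reason)."""
    headers = headers_of(raw)
    conn = tokens(headers, "connection")
    if "h2c" not in tokens(headers, "upgrade") or "upgrade" not in conn:
        return False, "no h2c upgrade requested"
    settings = [v for n, v in headers if n == "http2-settings"]
    # A missing or repeated HTTP2-Settings header must never trigger a switch.
    if len(settings) != 1 or "http2-settings" not in conn:
        return False, "need exactly one HTTP2-Settings, listed in Connection"
    try:
        value = settings[0]
        payload = base64.b64decode(value + "=" * (-len(value) % 4),
                                   altchars=b"-_", validate=True)
    except ValueError:
        return False, "HTTP2-Settings is not base64url"
    if len(payload) % 6:
        return False, "SETTINGS payload is not a list of 6-byte entries"
    return True, payload

def request(*extra):
    """Build a constructed upgrade request with the given extra header lines."""
    lines = ["GET / HTTP/1.1", "Host: example.test", *extra, "", ""]
    return "\r\n".join(lines).encode("ascii")

# Constructed sample: the settings value encodes MAX_CONCURRENT_STREAMS = 100.
GOOD = request("Connection: Upgrade, HTTP2-Settings", "Upgrade: h2c",
               "HTTP2-Settings: AAMAAABk")
```

Every (False, reason) result means the server keeps answering in HTTP/1.1 instead of sending 101.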
“Opportunistic Encryption”
•Really “Opportunistic Security”
•Allows HTTP to transparently use unauthenticated TLS
•ALTSVC enables this
•ALTSVC also helps long lived sessions “stuck” on a single server
•HTTP:// URLs over TLS will never be “secure” nor feature the padlock
•Wildly debated. Does it prevent HTTPS adoption or does it help HTTP?
How's the new protocol?
Binary
•No more telnet tricks
•Easier framing
•TLS and compression anyway...
•Wireshark inspector
•A handful of frame types, like HEADERS and DATA
Header compression
•HTTP headers are big and are growing
•HTTP 1 had no header compression
•TCP slow start and initial window size
•Headers are notoriously repetitive
•Cookies
•HPACK
•Not a CRIME victim
•Padding
Multiplexed (1/2)
•Multiple streams over a single physical connection
•Number of parallel streams set by client
Multiplexed (2/2)
Flow control
•Each stream is individually flow controlled
•After a default window, they must be given more
•Especially useful in proxy cases
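Binary framing, multiplexing and per-stream flow control from the slides above, put together in an added example that is not from the talk: it parses frames out of a byte stream and keeps the window accounting a receiver has to enforce. The 9-byte header, type codes and window sizes are those of RFC 7540, which is an assumption relative to the 2014 drafts; frame, parse_frames, FlowControl and replay are hypothetical names and TRACE is constructed.

```python
# Assumption: 9-byte frame header, type codes and window sizes as in RFC 7540;
# the 2014 drafts this talk describes differ in details.
DATA, HEADERS, WINDOW_UPDATE = 0x0, 0x1, 0x8
DEFAULT_WINDOW, MAX_WINDOW = 65535, 2**31 - 1

def frame(ftype, stream_id, payload=b""):  # 24-bit length, type, flags, stream id
    return len(payload).to_bytes(3, "big") + bytes([ftype, 0]) + stream_id.to_bytes(4, "big") + payload

def parse_frames(buf):
    """Return [(type, stream_id, payload)], rejecting truncated input."""
    out, pos = [], 0
    while pos < len(buf):
        length = int.from_bytes(buf[pos:pos + 3], "big")
        end = pos + 9 + length
        if end > len(buf):  # also catches a cut-off 9-byte header
            raise ValueError("truncated frame")
        stream_id = int.from_bytes(buf[pos + 5:pos + 9], "big") & 0x7FFFFFFF
        out.append((buf[pos + 3], stream_id, buf[pos + 9:end]))
        pos = end
    return out

class FlowControl:
    """Credit for one direction; key 0 is the connection-wide window."""
    def __init__(self):
        self.win = {0: DEFAULT_WINDOW}

    def apply(self, ftype, stream_id, payload):
        cur = self.win.get(stream_id, DEFAULT_WINDOW)
        if ftype == DATA:  # the only flow-controlled frame type
            if stream_id == 0 or len(payload) > min(cur, self.win[0]):
                raise ValueError("DATA on stream 0 or window exceeded")
            self.win[stream_id] = cur - len(payload)
            self.win[0] -= len(payload)
        elif ftype == WINDOW_UPDATE:  # the receiver hands out more credit
            inc = int.from_bytes(payload, "big") & 0x7FFFFFFF
            if inc == 0 or cur + inc > MAX_WINDOW:
                raise ValueError("invalid WINDOW_UPDATE")
            self.win[stream_id] = cur + inc

def replay(buf):
    fc = FlowControl()
    for f in parse_frames(buf):
        fc.apply(*f)
    return fc

# Constructed trace (not a capture): two streams multiplexed on one connection.
TRACE = (frame(HEADERS, 1, b"\x82") + frame(DATA, 1, b"a" * 16000)
         + frame(DATA, 3, b"b" * 16000) + frame(DATA, 1, b"c" * 16000)
         + frame(WINDOW_UPDATE, 0, (32000).to_bytes(4, "big")))
```

A peer that opens many streams still shares the single connection window, so the accounting has to reject DATA that fits its stream window but not the connection's.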
change your mind
•In HTTP1 you had to keep receiving or keep sending to maintain the connection
•Leads to data traffic and RTT “waste” every now and then
•In HTTP2 all streams can be cut off at any time
Server push
•HTTP 1 is only client to server requests
•Push is a request initiated from the server end
•Like a CSS for a HTML page
•If allowed by client
•RST_STREAM if not wanted
•“Pre-populate the cache”
Priorities and dependencies
•Client knows what it wants received first
•HTML before images. Video frame 1 before video frame 2. Viewable images before non-viewable.
•Switching tabs or scrolling page change what's interesting right now
•Dependencies allow fast re-ordering
Extensible
•New frame types can be introduced
•Unaware implementations must ignore the new frames
•Discussed extensions include...
•BLOCKED
•ALTSVC
How will http2 affect ordinary humans?
•A better web experience!
•Lower RTT
•Faster page loads
•How much faster?
•We'll find out!
How will http2 affect web development?
•Many “tricks” for HTTP1 performance probably hurt http2 performance
•Tools and authors need to do separate tweaks to optimize
•It will take some time before sites will truly utilize http2's capabilities
Implementations
•Firefox
•Twitter
•Chrome
•curl + nghttp2
•Wireshark
•Lots more
•Apache
•nginx
•proxies!
Schedule
•http2 last inter-op met in NYC in June
•draft 13 on Friday, June 13
•Wide scale deployments planned for autumn 2014
•http2 RFC in Q1 2015
•Join in and help out!
Will http2 become widely deployed?
•“Look at IPv6”
•For some use cases, http2 is not a major boost compared to version 1
•SPDY showed fast growth can happen
•Major browsers are on the train
•Major services already did SPDY and are likely to go http2. Google, Twitter, Facebook, ...
http2 in Firefox
•“about:config”
•network.http.spdy.enabled.http2draft
•https://twitter.com
http2 in Chrome
•Chrome Canary
•--enable-spdy4
http3
•http2 is a foundation for the future
•Time to drop legacy HTTP work-arounds?
Thank you!
http2 explained: http://daniel.haxx.se/http2
Doing good is part of our code
Credits
•Inspiration and http2 Lego image from Mark Nottingham: http://www.mnot.net/talks/http2-n-you/
•HTTP trend image and stats from http://httparchive.org
•RTT graph by Mike Belshe
License
This presentation and its contents are licensed under the Creative Commons Attribution 4.0 license: http://creativecommons.org/licenses/by/4.0/
This is presentation version 1.1