RFC 7540 was ratified over 2 years ago and, today, all major browsers, servers, and CDNs support the next generation of HTTP. Just over a year ago, at Velocity, we discussed the protocol, looked at some real world implications of its deployment and use, and what realistic expectations we should have from its use. Now that adoption is ramped up and the protocol is being regularly used on the Internet, it's a good time to revisit the protocol and its deployment. Has it evolved? Have we learned anything? Are all the features providing the benefits we were expecting? What's next?In this session, we'll review protocol basics and try to answer some of these questions based on real-world use of it. We'll dig into the core features like interaction with TCP, server push, priorities and dependencies, and HPACK. We'll look at these features through the lens of experience and see if good practice patterns have emerged. We'll also review available tools and discuss what protocol enhancements are in the near and not-so-near horizon.
9. DATA Carries request or response data
HEADERS Carries request/response headers/trailers; can initiate a stream
PRIORITY Indicates priority of a stream
RST_STREAM Terminates a stream
SETTINGS Defines parameters for the connection only
PUSH_PROMISE Signals peer for server push
PING Maintenance frame for checking RTT, connection, etc
GOAWAY For shutting down a connection
WINDOW_UPDATE Frame responsible for flow control adjustments
CONTINUATION Extends a HEADERS frame and can carry more headers
10. GET /thing HTTP/1.1
Host: www.example.com
User-Agent: Some_user_agent
HTTP/1.1 200 OK
Server: some_server
Content-Type: text/html
Content-Length: 1000
html html html html html html html
html html html html html html html
html html html html html html html
html html html html html html html
html html html html html html html
html html html html html html html
html html html html html html html
html html html html html
Request Response
11. GET /thing HTTP/1.1
Host: www.example.com
User-Agent: Some_user_agent
HTTP/1.1 200 OK
Server: some_server
Content-Type: text/html
Content-Length: 1000
html html html html html html html
html html html html html html html
html html html html html html html
html html html html html html html
html html html html html html html
html html html html html html html
html html html html html html html
html html html html html
DATA
DATA
DATA
DATA
DATA
DATA
HEADERS
Request Response
HEADERS
12. HTTP/2 Frame
TCP
TLS
TLS Record
HTTP/2 Frame
HTTP/2 Frame
…
Stream ID
Stream ID
Stream ID
TCP
TLS
TLS Record
Header: valuern
Header: valuern
Header: valuern
rn
Body Body Body Body Body
Body Body Body Body Body
Body Body Body Body Body
Body Body Body Body Body
HTTP/1 HTTP/2
43. Takeaways (then)
• Despite the experiment flaws, performance
benefits are less than clear cut, out of the box
• Seemed best:
- Not listen to anyone!
- Try for yourself
59. Origin frame
• List of domains eligible for coalescing
- Cert still needs to match
• Empty frame signals no coalescing
- Fall back to SNI
• Obviates DNS lookups for listed domains
60. Origin frame
• List of domains eligible for coalescing
- Cert still needs to match
• Empty frame signals no coalescing
- Fall back to SNI
• Obviates DNS lookups for listed domains
61. Origin frame
• List of domains eligible for coalescing
- Cert still needs to match
• Empty frame signals no coalescing
- Fall back to SNI
• Obviates DNS lookups for listed domains
65. h2 and TCP
• Performance benefits?
- Anecdotal, seems to vary from case to case
- BBR helps, but pros/cons aren’t totally clear yet
- It’s still best to figure out what’s best for you on your own!
• We’re about to get more control over some coalescing
• The context of a connection is being relied on more
and more
71. What to push?
• A replacement for inlining
- All the RTT-saving benefits + caching
• Google paper:
- https://docs.google.com/a/fastly.com/drawings/d/
1mWwY_MeNAjzDRCF0uT97KgN0lh_jX79a53X6iOuH_Is/pub?
w=2330&h=1350
• Facebook:
- https://www.facebook.com/atscaleevents/videos/1775942979345465/
93. Adoption?
• 0.04% of HTTP/2 sessions have a push frame
• Average amount of pushed data per session: 32KB
• Success rate:
• 63.51% accepted
• 22.35% time out
• 13.39% duplicate
https://github.com/httpwg/wg-materials/blob/gh-pages/ietf102/chrome_push.pdf
102. Pushing for push
• Is the 1RTT worth the complexity?
• 103 to the browser:
- Same benefit as push for the most important use-case
- Much simpler
- Leverage browser cache
• “To push or not to push” by Patrick Hamann
- https://www.youtube.com/watch?v=cznVISavm-k
• Cache digests may still be useful?
• What do we do with push?
104. Prioritization basics
• Address possible contention because of all the
concurrency
• Stream weights
• Dependency (including exclusivity)
• HEADERS and PRIORITY frames
• It’s only a “suggestion”
105. Example
• D gets all resources
• After D is done:
- C gets ½ of resources
- E gets ½ of resources
• After C is done:
- A gets ¾ of C’s ½ of resources
- B gets ¼ of C’s ½ of resources
*
D
1
C
8
A
12
B
4
E
8
137. The promise of QUIC
• Low latency connection setup
- 0RTT
• UDP
- Addresses TCP’s head of line blocking in h2
- More flexible congestion avoidance algorithms
- “rich signaling for congestion control and loss recovery”
• Everything authenticated and encrypted
• Mitigating middle box tomfoolery
• Connection migration and NAT rebinding (via connection IDs)
138. Some QUIC reading
• https://dl.acm.org/citation.cfm?id=3098842
• https://quicwg.github.io/
• https://github.com/quicwg
• And a video: https://vimeo.com/227461189
139. So…
• Has much changed?
• Do we still have a lot to learn?
• Do we still have a lot to do?
• QUIC will fix everything, right?