11. Workaround – data inlining
<img
src="data:image/gif;base64,R0lGODlhEAAOALMAAOazToeHh0tLS/7LZv/
0jvb29t/f3//Ub//ge8WSLf/rhf/3kdbW1mxsbP//mf///yH5BAAAAAAALAAAA
AAQAA4AAARe8L1Ekyky67QZ1hLnjM5UUde0ECwLJoExKcppV0aCcGC
mTIHEIUEqjgaORCMxIC6e0CcguWw6aFjsVMkkIr7g77ZKPJjPZqIyd7sJA
gVGoEGv2xsBxqNgYPj/gAwXEQA7" width="16" height="14"
alt="embedded folder icon">
Good: No additional request.
No additional connection
No additional HTTP request/response header
Bad:
Base64 is larger.
Resources are not sharable.
12. Workaround - Domain sharding
Browser: WAS 2 TCP connections for each domain.
New browsers use 6~8, mobile browsers use 4~6 TCP connections.
Good
Parallel content download
Bad:
More TCP connections, negating TCP flow control, etc.
More Overhead and unfair resource sharing
17. HTTP/2 binary format (2/2)
Frame Type: DATA, HEADERS, PRIORITY, RST_STREAM, SETTINGS,
PUSH_PROMISE, PING, GOAWAY, WINDOW_UPDATE, CONTINUATION
* Frames begin with a fixed 9-octet header followed by a variable-length payload
Stream Identifier: incremental, client odd, server even. New connection if
exhausted.
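As an added example (not part of the original slides), a minimal Python parser for the fixed 9-octet frame header and the odd/even stream identifier rule described above. The bit layout and the 16384-octet default frame-size limit come from RFC 7540 rather than the slides, and `parse_frames`, `build_frame` and `SAMPLE` are illustrative names.

```python
import struct
from typing import NamedTuple

# Frame type codes 0x0-0x9, in the order the slide lists them (RFC 7540).
FRAME_TYPES = ["DATA", "HEADERS", "PRIORITY", "RST_STREAM", "SETTINGS",
               "PUSH_PROMISE", "PING", "GOAWAY", "WINDOW_UPDATE", "CONTINUATION"]
HEADER_LEN = 9  # fixed 9-octet frame header

class Frame(NamedTuple):
    ftype: str
    flags: int
    stream_id: int
    payload: bytes

    @property
    def initiator(self):
        """Stream 0 is the connection itself; odd = client, even = server."""
        if self.stream_id == 0:
            return "connection"
        return "client" if self.stream_id % 2 else "server"

def parse_frames(buf, max_frame_size=16384):
    """Split a byte buffer into frames, rejecting truncated or oversized ones."""
    frames, off = [], 0
    while off < len(buf):
        if len(buf) - off < HEADER_LEN:
            raise ValueError("truncated frame header")
        # 24-bit length, 8-bit type, 8-bit flags, 1 reserved bit + 31-bit stream id
        hi, lo, code, flags, sid = struct.unpack_from(">BHBBI", buf, off)
        length = (hi << 16) | lo
        if length > max_frame_size:
            raise ValueError("payload larger than the allowed frame size")
        end = off + HEADER_LEN + length
        if end > len(buf):
            raise ValueError("truncated frame payload")
        name = FRAME_TYPES[code] if code < len(FRAME_TYPES) else "UNKNOWN_0x%02x" % code
        frames.append(Frame(name, flags, sid & 0x7FFFFFFF, buf[off + HEADER_LEN:end]))
        off = end
    return frames

def build_frame(code, flags, stream_id, payload=b""):
    # Helper used only to construct the sample bytes below.
    n = len(payload)
    return struct.pack(">BHBBI", n >> 16, n & 0xFFFF, code, flags, stream_id) + payload

# Constructed sample: SETTINGS on stream 0, HEADERS on client stream 1,
# DATA on server stream 2.
SAMPLE = (build_frame(4, 0, 0) + build_frame(1, 0x4, 1, b"\x82\x86")
          + build_frame(0, 0x1, 2, b"hi"))
```

Checking the declared length against both the buffer and a frame-size limit before slicing keeps a peer from driving the parser with a length field it cannot back up.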
21. HTTP/2 Stream Prioritization
Advisory
Example,
Highest: main html
High: css files
Mid: JavaScript files
Low: images
22. HTTP/2 Flow Control
Like SSH sliding window flow control
With each individual stream or the entire connection.
Receiver advises the window size, both client and server.
Only DATA frames are flow controlled.
Hop-by-hop, not end-to-end
in SETTINGS frames.
No algorithm in SPEC. Depends on implementers.
23. Frame Extensions
Not in SPEC right now. F.Y.I.
Alternative Services (ALTSVC frame)
Advisory and OPTIONAL
Alternative service could be multiple. A client chooses the most suitable one.
Example,
("http", "www.example.com", "80") => ("h2", "new.example.com", "81"), <TTL>
Does not work like a redirect. Origin URI is not changed.
Security context is applied on origin URI.
Like TLS certificates.
Security consideration?
Must use TLS or strong server authentication if host is changed.
(Study more about how browsers implement this.)
BLOCKED frame
For flow control experiment.
24. Connect or Upgrade to HTTP/2
1. Send request with Upgrade header
2. SETTINGS is base64 encoded.
3. Server declines upgrade.
4. Server accepts and changes to HTTP/2.
• New HTTPS connection via TLS and ALPN.
• New HTTP connection with prior knowledge
• New HTTP connection without prior knowledge (Upgrade)
30. Core concepts of HTTP/2
Preserve HTTP/1.1 paradigms
Change
How data is framed.
How data is transported.
Advantages
Same HTTP APIs
Cheaper Requests
Network-server friendliness
Cache pushing
Like, if the server foresees the client will need the data below.
Or invalidate client side cache.
Be able to change your mind (Need to close connection in HTTP/1.x)
Send RST_STREAM to the server to stop sending data of a request.
More encryption
Firefox and Chrome will only support HTTP/2 over TLS.
No more text
34. Browsers
Firefox
Supported in Firefox 35
TLS only
Chrome
Supported in Chrome 40
TLS only
Chrome will remove SPDY in early 2016.
IE
Also supports HTTP/2 over TCP
Supported in IE 11 running on Windows 10.
Safari
Not announced yet.
35. 5% of Google global traffic
On January 28th 2015
36. Server/CDN/Proxy/L4
Nginx: End of 2015
Apache: Not announced yet. (mod_h2?)
IIS: Supported in Windows 10
Akamai: Limited beta right now.
Squid: Supported in 3.6 (Now stable version is 3.5)
L4: unknown.
37. Tools
Wireshark: Yes
Fiddler: Not announced yet.
CURL/libcurl
Supports both TLS and insecure TCP
URLLib in Python: Seems no
Requests in Python: Seems no
gRPC (HTTP/2 + Protobuf): RPC framework
Stream Identifier: client odd, server even.
Stream identifier is unilateral.
Stream ID 0 is reserved as root stream ID.
Stream ID must be greater.
New connection should be opened if stream ID is exhausted.
Client opens new stream.
Server sends GOAWAY frame to force the client to re-open a connection.
SETTINGS_MAX_CONCURRENT_STREAMS to client and server separately.
HPACK
Default value is 65535 octets.
Usage
Another service, host and port.
When this server is down.
When alt server has better performance to the user.
Server wants to offer a new protocol in the alt server or use a more secure protocol like TLS.
Load balance or separate users