HTTP/2 Introduction

HTTP/2 Introduction By Walter Liu 2015/03/11


Agenda

The problem of HTTP/1.x

What’s HTTP/2?

HTTP/2 Status

The problem of HTTP/1.x

httparchive.org – TCP connections

httparchive.org – #Domain & Max request

httparchive.org – Size and Total requests

Negate TCP flow control

Unfair resource sharing

Duplicated data

- DNS lookup (domain sharding)

- TCP 3-way handshaking

- TCP network buffer

- HTTP request/response header

HTTP pipeline?

Head of line blocking

Workarounds for HTTP/1.1

Spriting

Data: inlining

Domain sharding

Concatenation

Workaround - Spriting

Workaround – data inlining

<img src="" width="16" height="14" alt="embedded folder icon">

Good: No additional request.

No additional connection

No additional HTTP request/response header

Bad:

Base64 is larger.

Resources are not sharable.

Workaround - Domain sharding

Browsers: used to open 2 TCP connections for each domain.

New browsers use 6~8, mobile browsers use 4~6 TCP connections.

Good

Parallel content download

Bad:

More TCP connections, negating TCP flow control, etc.

More Overhead and unfair resource sharing

Workaround - Concatenation

$ cat *.js > site_global.js

* Reduce number of requests

* Reuse cached resources

What’s HTTP/2?

Key differences with HTTP/1.x

Binary format

Multiplex

Server push

Header compression

Stream Prioritization

Flow Control

HTTP/2 binary format (1/2)

HTTP/2 binary format (2/2)

Frame Type: DATA, HEADERS, PRIORITY, RST_STREAM, SETTINGS, PUSH_PROMISE, PING, GOAWAY, WINDOW_UPDATE, CONTINUATION

* begin with a fixed 9-octet header followed by a variable-length payload

Stream Identifier: incremental, client odd, server even. New connection if exhausted.
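
An added example (not from the original slides): a Python parser for the fixed 9-octet frame header that applies the checks a receiver should make before trusting a frame. The field layout, type codes, stream-0 rules and the 16384 default size limit are taken from RFC 7540, not from the slides; the sample bytes are constructed.

```python
import struct

# Frame type codes from RFC 7540; the names match the list on the slide.
FRAME_TYPES = {0x0: "DATA", 0x1: "HEADERS", 0x2: "PRIORITY", 0x3: "RST_STREAM",
               0x4: "SETTINGS", 0x5: "PUSH_PROMISE", 0x6: "PING", 0x7: "GOAWAY",
               0x8: "WINDOW_UPDATE", 0x9: "CONTINUATION"}
CONNECTION_ONLY = {"SETTINGS", "PING", "GOAWAY"}      # must use stream 0
STREAM_ONLY = {"DATA", "HEADERS", "PRIORITY", "RST_STREAM",
               "PUSH_PROMISE", "CONTINUATION"}        # must not use stream 0
DEFAULT_MAX_FRAME_SIZE = 16384  # limit in force until SETTINGS raises it


class FrameError(ValueError):
    pass


def parse_frame_header(buf, max_frame_size=DEFAULT_MAX_FRAME_SIZE):
    """Parse and validate the 9-octet header at the start of buf."""
    if len(buf) < 9:
        raise FrameError("need 9 octets for a frame header")
    len_hi, len_lo, ftype, flags, stream = struct.unpack(">BHBBI", buf[:9])
    length = (len_hi << 16) | len_lo           # 24-bit payload length
    stream_id = stream & 0x7FFFFFFF            # top bit is reserved: mask it
    name = FRAME_TYPES.get(ftype, "UNKNOWN")   # unknown types get skipped
    if length > max_frame_size:
        raise FrameError("payload length %d exceeds limit" % length)
    if name in CONNECTION_ONLY and stream_id != 0:
        raise FrameError(name + " must be sent on stream 0")
    if name in STREAM_ONLY and stream_id == 0:
        raise FrameError(name + " must not be sent on stream 0")
    return {"length": length, "type": name, "flags": flags,
            "stream_id": stream_id}


def initiator(stream_id):
    """Odd stream ids are client-initiated, even ones server-initiated."""
    if stream_id == 0:
        return "connection"
    return "client" if stream_id % 2 else "server"


# Constructed sample: HEADERS, 13-octet payload, END_HEADERS flag, stream 1.
SAMPLE = bytes([0x00, 0x00, 0x0D, 0x01, 0x04, 0x00, 0x00, 0x00, 0x01])
```

Rejecting an over-long length before buffering the payload is what keeps a peer from making the receiver allocate memory it never agreed to.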

Connection, Stream, Message and Frame

HTTP/2 Multiplex

HTTP/2 Header Compression

• Send diff

• Binary

• Huffman code

HTTP/2 Stream Prioritization

Advisory

Example,

Highest: main html

High: css files

Mid: Javascript files

Low: images

HTTP/2 Flow Control

Similar to SSH's sliding-window flow control

Operates on each individual stream or on the entire connection.

The receiver advertises the window size; this applies to both client and server.

Only DATA frames are flow controlled.

Hop-by-hop, not end-to-end

in SETTINGS frames.

No algorithm in SPEC. Depends on implementers.
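
An added example (not from the original slides): receiver-side accounting that charges each DATA frame against both the stream window and the shared connection window. The 65535 initial window and the 2^31-1 ceiling are the RFC 7540 values, not figures from the slides; the class and function names are hypothetical.

```python
DEFAULT_WINDOW = 65535      # initial size of every window (RFC 7540 default)
MAX_WINDOW = 2**31 - 1      # no window may grow beyond this


class FlowControlError(Exception):
    pass


class ReceiveWindows:
    """How much DATA the peer may still send us, per stream and in total."""

    def __init__(self):
        self.connection = DEFAULT_WINDOW
        self.streams = {}

    def on_data(self, stream_id, payload_len):
        """Charge a received DATA frame against both windows."""
        stream = self.streams.setdefault(stream_id, DEFAULT_WINDOW)
        if payload_len > stream or payload_len > self.connection:
            raise FlowControlError("peer exceeded the advertised window")
        self.streams[stream_id] = stream - payload_len
        self.connection -= payload_len

    def grant(self, stream_id, increment):
        """Account for a WINDOW_UPDATE we send (stream_id 0 = connection)."""
        if stream_id == 0:
            current = self.connection
        else:
            current = self.streams.setdefault(stream_id, DEFAULT_WINDOW)
        if increment < 1 or current + increment > MAX_WINDOW:
            raise FlowControlError("invalid window increment")
        if stream_id == 0:
            self.connection = current + increment
        else:
            self.streams[stream_id] = current + increment


def demo():
    """Two streams fit their own windows but share one connection window."""
    w = ReceiveWindows()
    w.on_data(1, 40000)          # stream 1 and the connection both drop to 25535
    try:
        w.on_data(3, 30000)      # fits stream 3, but not the connection
        outcome = "accepted"
    except FlowControlError:
        outcome = "rejected"
    w.grant(0, 40000)            # WINDOW_UPDATE on stream 0 restores 65535
    w.on_data(3, 30000)          # now inside both windows
    return outcome, w.connection, w.streams[3]
```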

Frame Extensions

Not in SPEC right now. F.Y.I.

Alternative Services (ALTSVC frame)

Advisory and OPTIONAL

Alternative service could be multiple. A client chooses the most suitable one.

Example,

("http", "www.example.com", "80") => ("h2", "new.example.com", "81"), <TTL>

Does not work like a redirect. The origin URI is not changed.

Security context is applied to the origin URI.

Like TLS certificates.

Security consideration?

Must use TLS or strong server authentication if the host is changed.

(Study more about how browsers implement this.)

BLOCKED frame

For flow control experiment.

Connect or Upgrade to HTTP/2

1. Send request with Upgrade header

2. SETTINGS is base64 encoded.

3. Server declines upgrade.

4. Server accepts and changes to HTTP/2.

• New HTTPS connection via TLS and ALPN.

• New HTTP connection with prior knowledge

• New HTTP connection without prior knowledge (Upgrade)
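
An added example (not from the original slides): decoding and validating the base64-encoded SETTINGS payload that the Upgrade request carries in its HTTP2-Settings header. The header name, the unpadded base64url encoding, the 6-octet entry layout and the value limits come from RFC 7540, not from the slides; the sample value is constructed.

```python
import base64
import struct

SETTING_NAMES = {0x1: "HEADER_TABLE_SIZE", 0x2: "ENABLE_PUSH",
                 0x3: "MAX_CONCURRENT_STREAMS", 0x4: "INITIAL_WINDOW_SIZE",
                 0x5: "MAX_FRAME_SIZE", 0x6: "MAX_HEADER_LIST_SIZE"}


def decode_http2_settings(header_value):
    """Decode an HTTP2-Settings value into {name: value}.

    Raises ValueError on bad base64, a truncated payload or an illegal value.
    """
    text = header_value.strip()
    padded = text + "=" * (-len(text) % 4)    # sent without '=' padding
    payload = base64.b64decode(padded, altchars=b"-_", validate=True)
    if len(payload) % 6:
        raise ValueError("SETTINGS payload must be a multiple of 6 octets")
    settings = {}
    for ident, value in struct.iter_unpack(">HI", payload):
        name = SETTING_NAMES.get(ident)
        if name is None:
            continue                          # unknown identifiers are ignored
        if name == "ENABLE_PUSH" and value > 1:
            raise ValueError("ENABLE_PUSH must be 0 or 1")
        if name == "INITIAL_WINDOW_SIZE" and value > 2**31 - 1:
            raise ValueError("INITIAL_WINDOW_SIZE above 2^31-1")
        if name == "MAX_FRAME_SIZE" and not 16384 <= value <= 2**24 - 1:
            raise ValueError("MAX_FRAME_SIZE out of range")
        settings[name] = value
    return settings


# Constructed sample value: three 6-octet entries, base64url, no padding.
SAMPLE_HEADER = "AAMAAABkAARAAAAAAAIAAAAA"
```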

Some Examples

HEADER and DATA frame

Server push (1)

Server push (2)

Server push (2)

Core concepts of HTTP/2

Preserve HTTP/1.1 paradigms

Change

How data is framed.

How data is transported.

Advantages

Same HTTP APIs

Cheaper Requests

Network-server friendliness

Cache pushing

For example, if the server foresees that the client will need the data below.

Or invalidate client side cache.

Be able to change your mind (Need to close connection in HTTP/1.x)

Send RST_STREAM to the server to stop sending data of a request.

More encryption

Firefox and Chrome will only support HTTP/2 over TLS.

No more text

HTTP/2 Status

HTTP/2 has been approved by the IESG,

and is in the RFC Editor’s publication queue.

Implementations

https://github.com/http2/http2-spec/wiki/Implementations

Browsers

Firefox

Supported in Firefox 35

TLS only

Chrome

Supported in Chrome 40

TLS only

Chrome will remove SPDY in early 2016.

IE

Also supports HTTP/2 over TCP

Supported in IE 11 running on Windows 10.

Safari

Not announced yet.

5% of Google global traffic

On January 28th 2015

Server/CDN/Proxy/L4

Nginx: End of 2015

Apache: Not announced yet. (mod_h2?)

IIS: Supported in Windows 10

Akamai: Limited beta right now.

Squid: Supported in 3.6 (Now stable version is 3.5)

L4: unknown.

Tools

Wireshark: Yes

Fiddler: Not announced yet.

CURL/libcurl

Supports both TLS and insecure TCP

URLLib in Python: Seems no

Requests in Python: Seems no

gRPC (HTTP/2 + Protobuf): RPC framework


Q & A