Published on

A technical description of http2, including background of HTTP what's been problematic with it and how http2 and its features improves the web.

See the "http2 explained" document with the complete transcript and more:

(Updated version to slides shown on April 13th, 2016)

Published in: Technology


  1. 1. Google Stockholm, April 12th 2016
  2. 2. Twitter:@bagder Daniel Stenberg
  3. 3. Future HTTP Today HTTP/2 Status Deploy
  4. 4. Internet TodayInternet Today HTTP forHTTP for everythingeverything The web hasThe web has changedchanged significantlysignificantly since the 90ssince the 90s
  5. 5. Request and payload growth in the last 4 years... 8080 100100 800K800K 2300K2300K the average website loads 50+ resources on a single domain
  6. 6. connections per page
  7. 7. Roundtrip Bonanza
  8. 8. Latency adds up 4,000 ms 750 ms Page load time Round trip time 0 ms 240 ms
  9. 9. Speed of light The world is still big + slower through fiber + never the shortest distance + buffer (bloat) + radio networks = Several hundred milliseconds
  10. 10. Head of line blockingHead of line blocking
  11. 11. HTTP 1.1HTTP 1.1 workaroundsworkarounds
  12. 12. SpritingSpriting
  13. 13. InliningInlining .icon { background: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABGwAAAGDCAIAAADxuBH7AAA AAXNSR0IArs4c6QAAAAlwSFlzAAAOdQAADnUBuWNRMgAAAAd0SU1FB9kLHRYqOHOE8mAAACAA SURBVHja7J13fFVF9sDPzC2vJy+9kAaBJBTpvVoQkSYCVlTcxYaua1lx1bWsrrs/18qquIC9s CoqgiIiXZpU6QECpPfySl67deb3x4vhkeS9BATW1fl+8snn3rlTzpk58+6cO3PnIkrpyeP5AH C4oBoYDAaDwWAwGAwGgxERvvlo7+7NrDoYDAaDwWAwGAwGIzKoeSYqu1sPVh0MBoPBYDAYDAa DEZlTM1Erv/ueVQeDwWAwGAwGg8FgdNSJQoBYdTAYDAaDwWAwGAxGR50ojDvkRLn86tE6v9On +111CBGbzZ5s43JTY0RB+JmiSCqp9ykBlaqSD1EQjQabiOJsJo7jzpLsl5tCHfKTn8Dj9CyBZ lSzan5iZ1FwXxHJaiaZqiSAAQCAQoobzAc5gzW6znVTUGg8FgMBgMBoNxfp0oQO04USdqvCuK caHQQxZjRNGEUrFOQAoEvBUNiUXHhqDDEwd0jrFZzkIIh08pcIKDS9SxkeN4ZMOEgqaqijdgc danodpuqTEmg3huNT9RX7CidtnJ6GOaWU1OSiZdiFf11jfWNzgdWYc6D5VGTrzoqhhb7M8sJR DwY0QTExNt0VGiIGAAAPAritPhqK+pdTd64uITDQbDzylCkaX6+ipVkRAgQeCZTTMY5wpKqSz LiqKoqqppGqWU1QmDwWAwGL9iMMcZDEaLxWa1RsfEJUSIeWpjicIyV7hIsqIu/tFxwD42L8Nm xuCXIaCCRoAS0HWQNXAEaK3Pa6zbfUtC4aUDundcUE3TD1YFakzZcVGiiEHVQNWBUAAKhIJOQ NKoV1F4X2Vvi6NLauI5qR1ZkRcfffdg5o+5mbkc4VwB1xjLmBuybjAZTWXeshUlK5aVLTvpPW mvirlFuO3SvuPOrhRN03zexty8HIvJRACUujqtsZGoKgVAJhMfG8tZrY0OR0lRsaLpSUkpZ1G ErmuV5UWaKrvVwiEj+8THxcXHJSBAAAghjAADYIQwAoQAA0KtV2xSoEApBUqBUEoAyE8H... ) no-repeat; }
  14. 14. Concatenation $ cat *.js > single-monster.js
  15. 15. Sharding
  16. 16. HTTP history lesson 1996: HTTP/1.0 RFC 1945 1997: HTTP/1.1 RFC 2068 1999: HTTP/1.1 RFC 2616 2007: HTTPbis started to refresh HTTP/1.1 2009: Google announced SPDY 2011: Chrome and all Google services run SPDY 2012: HTTP/2 work began, based on SPDY 2014: HTTP/1.1 updated, RFC 7230 series 2015: ...
  17. 17. RFC 7540RFC 7540
  18. 18. Just a new framing layer maintains HTTP paradigms http:// and https:// URLs remain HTTP/1.1 will linger for decades Proxies to convert 1:1
  19. 19. Conservative in what you accept less optional parts no minor version
  20. 20. Binary No more telnet Easier framing TLS and compression anyway Wireshark inspector frame types, like HEADERS and DATA
  21. 21. Multiplexed (1/2) Multiple streams over a single physical connection Max number of parallel streams set by peer
  22. 22. Multiplexed (2/2)
  23. 23. Connection coalescing IP address range overlap Both SAN names in cert “unsharded”
  24. 24. One TCP connectionOne TCP connection
  25. 25. Better utilization of bandwidth
  26. 26. Streams Dependencies Flow control Have streams depend on other streams that should arrive first Priorities Change a stream’s “weight” at any time Allow streams to be consumed at different speeds
  27. 27. Header compression headers are big and repetitive 1.1 has no header compression HPACK
  28. 28. Server push Give me HTML please! Here's HTML for you Here's CSS for you
  29. 29. Negotiate HTTP/2 on HTTP:// Upgrade:
  30. 30. Negotiate HTTP/2 on HTTPS:// ALPN
  31. 31. HTTPS-only HTTP/2HTTPS-only HTTP/2 TCP on port 80 – HTTP/1 !! Upgrade: ? No way! privacy and user protection
  32. 32. Safer HTTPSSafer HTTPS No compression No renegotiation TLS 1.2 or later Cipher suite requirements
  33. 33. HTTP/2 is not Mandatory TLS Changing HTTP headers Websockets
  34. 34. Implementations Akamai Ghost, Apache HTTP Server, Apache Traffic Server, http4s-blaze, Chromium, Chicken Scheme hpack lib, cl-http2-protocol, curl and libcurl, Dart, Deuterium, Ericsson MSP, F5, H2O, Haskell http2 lib, http-2, http2, hyper, hyper, Shaka Technologies Ishlangu Load Balancer, Jetty, LiteSpeed Enterprise, Lucid, Microsoft, mod_h2, Mozilla Firefox, Netty, nghttp2, Radware, NGINX, node-http2, OkHttp, OpenLiteSpeed, Protocol::HTTP2, Brocade SteelApp Traffic Manager (formerly Riverbed/Zeus TM), Sasazka, second-transfer, ShimmerCat, Test GFE, Trusterd, Twitter, Undertow, Warp, Wireshark, WKWebView
  35. 35. servers
  36. 36. browsers
  37. 37.
  38. 38. HTTP/2 in Browsers – April 2016 Browsers only over HTTPS Firefox: 23% HTTP/2 35% of HTTPS is HTTP/2 HTTP/2 in 85% of browsers in Sweden Chrome will remove support for SPDY in May 2016
  39. 39. HTTP/2 for content – April 2016 7% of top 10 million 9% of top 1 million 19% of top 500 >50% for most sites Akamai went “live” late March 2016 Googlebot groks HTTP/2 ”early 2016” Amazon Cloudfront “this year” Jul 15 Jan 16 Apr 16Jan 16
  40. 40. deploydeploy
  41. 41. Poking at it HTTP/2 and SPDY indicator Apache, NGINX, H2O, ATS, Caddy, Litespeed nghttp2 curl wireshark h2i
  42. 42. Challenges for you h2 is straight-forward, but ... HTTPS is not OpenSSL / other TLS-lib versions and ALPN Mixed content Certificates
  43. 43. HTTP/2 – what to expect for your site It depends 20% - 60% faster is common Server push makes a difference Remember: HTTPS Shorten dependency chains!
  44. 44. the HTTP futurethe HTTP future
  45. 45. Improving what we have h2 server push improvements h2 client certs? (slightly) improved cookies TCP tuning for HTTP More HTTPS Better h2 tools, more h2 comparisons
  46. 46. Beyond HTTP/2 Time to drop HTTP/1 legacies HTTP/3 will happen faster QUIC…?
  47. 47. QUIC and the OSI model crash TCP, TLS and HTTP/2 over UDP in userspace no TCP head of line blocking other congestion control move across interfaces forward error correction “TCP improvements” - much faster
  48. 48. Final recapFinal recap binary + multiplexedbinary + multiplexed primarily over TLSprimarily over TLS users won't see a “2”users won't see a “2” deploy!deploy!
  49. 49. Questions?
  50. 50. Doing good is part of our code Thank you!
  51. 51. Credits HTTP and TCP trend numbers from RTT / page load data from Mike Belshe Front and HTTP future images by Simon Stålenhag HTTP/2 lego frame image by Mark Nottingham HTTP/2 usage numbers by Mozilla Telemetry Lego pieces borrowed from my kids
  52. 52. License This presentation and its contents are licensed under the Creative Commons Attribution 4.0 license: