Major Players Already Engaged● Google: Uses SPDY for all SSL Traffic ○ see about:net-internals in Chrome● Firefox ○ currently implementing SPDY● Amazon Kindle Fire ○ launching in a couple of weeks ○ using a very different, but wicked cool model for SPDY
What is SPDY?● Multiplexing ○ Get the data off the client● Compression ○ HTTP headers are excessive ○ Uplink bandwidth is limited● Prioritization ○ Today the browser holds back ○ Priorities enable multiplexing● Server Push ○ Websites do some of this today with data URLs
Why SSL?● Technically a myth, SPDY doesnt require SSL.● Started as a deployment reality● But we need to secure the net. ○ Not just for finance and banks anymore!
What about Proxies?● Proxies cause a lot of problems. ○ example: Pipelining, WebSockets● We need to transition to explicit proxies instead of implicit ○ This is a hard change.● SPDY does not address cacheable, secured content. Its simply out-of-scope for the project, but a very worthy project to solve.
What does Firefox say?From Patrick McManus:Number of parallel connections is exploding: ● NYT home page: 83 connections ● Google+: 64 connections ● Facebook photos: 75 connectionsHe points out: ● This creates horrible NAT pressure. ● 83 concurrent tcp control blocks has potential for enormous queues ● "That means HTTP breaks real time apps - SPDY lets us mitigate that problem"
What is Kindle Fire doing? Amazon Kindle Internet Service A single SPDY connection for everything.
Time to Standardize● Its clear others are finding SPDY compelling ○ Google, Firefox, Amazon, Cotendo, Strangeloop● We dont want a non-interoperable pile of goo.● Google is happy to standardize, and individuals from Google would like to play a role. But it will take its own form.● Planning to do this through IETF in 2012.
Deployment: Process of Elimination● Avoid changing the lower-level transport● Available transports: TCP or UDP. ○ Note: SCTP not an option due to NAT.● UDP ○ Wed have to re-engineer TCP features.● That leaves us with TCP. ○ Ok, so which port? 80 or 443?
Deployment: Port 80● Should be our first choice.● Except HTTP runs on port 80.● Proxies and intermediates make for a treacherous environment. ○ HTTP/1.1 1999 - Pipelining still not deployed ○ Compression negotiation● Upgrade header requires a round trip● WebSockets Data Shows that using HTTP over a non- standard port is less tampered with than port 80. ○ Success rate: ■ HTTP (port 80) 67% ■ HTTP (port 61985) 86% ■ HTTPS (port 443) 95%
Deployment: Port 443● Port 443 runs SSL/TLS. ○ Adds server authentication & encryption● Handshake is extensible: ○ Next-Protocol-Negotiation www.ietf.org/id/draft-agl-tls-nextprotoneg-00.txt
Request Path SPDY (closer to actual) SPDY (human readable)80 01 00 01 SYN frame00 00 00 6b stream_id = 100 00 00 01 associated_stream_id = 000 00 00 00 priority = 140 00 00 04 num_headers = 406method04post methodPOST03url1ahttp://blogger.com/my_blog urlhttp://blogger.com/my_blog0auser-agent13blahblahblah chrome user-agentblahblahblah chrome07version08http/1.1 versionHTTP/1.1 DATA frame stream_id = 100 00 00 01 flags = fin01 00 00 1f length = 31here is my very short blog post here is my very short blog post
Why does SPDY require SSL?● It doesnt.● Started as a deployment challenge.● However, Chrome will never ship a version that is not SSL based, Firefox engineers agree as well.