Advertisement
Http2
Apr. 1, 2014•0 likes•45,405 views
25 likes
Be the first to like this
Show More
views
Total views
0
On Slideshare
0
From embeds
0
Number of embeds
0
Download to read offline
Report
Technology
A technical description of http2, including background of HTTP what's been problematic with it and how http2 and its features improves the web. See the "http2 explained" document with the complete transcript and more: http://daniel.haxx.se/http2/ (Updated version to slides shown on April 13th, 2016)
Daniel StenbergFollow
Segfault manufacturer at wolfSSLAdvertisement
Http2
- Google Stockholm, April 12th 2016
- Email:daniel@haxx.se Twitter:@bagder Web:daniel.haxx.se Blog:daniel.haxx.se/blog Daniel Stenberg
- Future HTTP Today HTTP/2 Status Deploy
- Internet TodayInternet Today HTTP forHTTP for everythingeverything The web hasThe web has changedchanged significantlysignificantly since the 90ssince the 90s
- Request and payload growth in the last 4 years... 8080 100100 800K800K 2300K2300K the average website loads 50+ resources on a single domain
- connections per page
- Roundtrip Bonanza
- Latency adds up 4,000 ms 750 ms Page load time Round trip time 0 ms 240 ms
- Speed of light The world is still big + slower through fiber + never the shortest distance + buffer (bloat) + radio networks = Several hundred milliseconds
- Head of line blockingHead of line blocking
- HTTP 1.1HTTP 1.1 workaroundsworkarounds
- SpritingSpriting
- InliningInlining .icon { background: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABGwAAAGDCAIAAADxuBH7AAA AAXNSR0IArs4c6QAAAAlwSFlzAAAOdQAADnUBuWNRMgAAAAd0SU1FB9kLHRYqOHOE8mAAACAA SURBVHja7J13fFVF9sDPzC2vJy+9kAaBJBTpvVoQkSYCVlTcxYaua1lx1bWsrrs/18qquIC9s CoqgiIiXZpU6QECpPfySl67deb3x4vhkeS9BATW1fl+8snn3rlTzpk58+6cO3PnIkrpyeP5AH C4oBoYDAaDwWAwGAwGgxERvvlo7+7NrDoYDAaDwWAwGAwGIzKoeSYqu1sPVh0MBoPBYDAYDAa DEZlTM1Erv/ueVQeDwWAwGAwGg8FgdNSJQoBYdTAYDAaDwWAwGAxGR50ojDvkRLn86tE6v9On +111CBGbzZ5s43JTY0RB+JmiSCqp9ykBlaqSD1EQjQabiOJsJo7jzpLsl5tCHfKTn8Dj9CyBZ lSzan5iZ1FwXxHJaiaZqiSAAQCAQoobzAc5gzW6znVTUGg8FgMBgMBoNxfp0oQO04USdqvCuK caHQQxZjRNGEUrFOQAoEvBUNiUXHhqDDEwd0jrFZzkIIh08pcIKDS9SxkeN4ZMOEgqaqijdgc danodpuqTEmg3huNT9RX7CidtnJ6GOaWU1OSiZdiFf11jfWNzgdWYc6D5VGTrzoqhhb7M8sJR DwY0QTExNt0VGiIGAAAPAritPhqK+pdTd64uITDQbDzylCkaX6+ipVkRAgQeCZTTMY5wpKqSz LiqKoqqppGqWU1QmDwWAwGL9iMMcZDEaLxWa1RsfEJUSIeWpjicIyV7hIsqIu/tFxwD42L8Nm xuCXIaCCRoAS0HWQNXAEaK3Pa6zbfUtC4aUDundcUE3TD1YFakzZcVGiiEHVQNWBUAAKhIJOQ NKoV1F4X2Vvi6NLauI5qR1ZkRcfffdg5o+5mbkc4VwB1xjLmBuybjAZTWXeshUlK5aVLTvpPW mvirlFuO3SvuPOrhRN03zexty8HIvJRACUujqtsZGoKgVAJhMfG8tZrY0OR0lRsaLpSUkpZ1G ErmuV5UWaKrvVwiEj+8THxcXHJSBAAAghjAADYIQwAoQAA0KtV2xSoEApBUqBUEoAyE8H... ) no-repeat; }
- Concatenation $ cat *.js > single-monster.js
- Sharding
- HTTP history lesson 1996: HTTP/1.0 RFC 1945 1997: HTTP/1.1 RFC 2068 1999: HTTP/1.1 RFC 2616 2007: HTTPbis started to refresh HTTP/1.1 2009: Google announced SPDY 2011: Chrome and all Google services run SPDY 2012: HTTP/2 work began, based on SPDY 2014: HTTP/1.1 updated, RFC 7230 series 2015: ...
- RFC 7540RFC 7540
- Just a new framing layer maintains HTTP paradigms http:// and https:// URLs remain HTTP/1.1 will linger for decades Proxies to convert 1:1
- Conservative in what you accept less optional parts no minor version
- Binary No more telnet Easier framing TLS and compression anyway Wireshark inspector frame types, like HEADERS and DATA
- Multiplexed (1/2) Multiple streams over a single physical connection Max number of parallel streams set by peer
- Multiplexed (2/2)
- Connection coalescing 1.2.3.4 2.3.4.5 1.2.3.4 3.4.5.6 IP address range overlap Both SAN names in cert “unsharded”
- One TCP connectionOne TCP connection
- Better utilization of bandwidth
- Streams Dependencies Flow control Have streams depend on other streams that should arrive first Priorities Change a stream’s “weight” at any time Allow streams to be consumed at different speeds
- Header compression headers are big and repetitive 1.1 has no header compression HPACK
- Server push Give me HTML please! Here's HTML for you Here's CSS for you
- Negotiate HTTP/2 on HTTP:// Upgrade:
- Negotiate HTTP/2 on HTTPS:// ALPN
- HTTPS-only HTTP/2HTTPS-only HTTP/2 TCP on port 80 – HTTP/1 !! Upgrade: ? No way! privacy and user protection
- Safer HTTPSSafer HTTPS No compression No renegotiation TLS 1.2 or later Cipher suite requirements
- HTTP/2 is not Mandatory TLS Changing HTTP headers Websockets
- Implementations Akamai Ghost, Apache HTTP Server, Apache Traffic Server, http4s-blaze, Chromium, Chicken Scheme hpack lib, cl-http2-protocol, curl and libcurl, Dart, Deuterium, Ericsson MSP, F5, H2O, Haskell http2 lib, http-2, http2, hyper, hyper, Shaka Technologies Ishlangu Load Balancer, Jetty, LiteSpeed Enterprise, Lucid, Microsoft, mod_h2, Mozilla Firefox, Netty, nghttp2, Radware, NGINX, node-http2, OkHttp, OpenLiteSpeed, Protocol::HTTP2, Brocade SteelApp Traffic Manager (formerly Riverbed/Zeus TM), Sasazka, second-transfer, ShimmerCat, Test GFE, Trusterd, Twitter, Undertow, Warp, Wireshark, WKWebView https://github.com/http2/http2-spec/wiki/Implementations
- servers
- browsers
- http://caniuse.com/#search=http2
- HTTP/2 in Browsers – April 2016 Browsers only over HTTPS Firefox: 23% HTTP/2 35% of HTTPS is HTTP/2 HTTP/2 in 85% of browsers in Sweden Chrome will remove support for SPDY in May 2016
- HTTP/2 for content – April 2016 7% of top 10 million 9% of top 1 million 19% of top 500 >50% for most sites Akamai went “live” late March 2016 Googlebot groks HTTP/2 ”early 2016” Amazon Cloudfront “this year” Jul 15 Jan 16 Apr 16Jan 16
- deploydeploy
- Poking at it HTTP/2 and SPDY indicator Apache, NGINX, H2O, ATS, Caddy, Litespeed nghttp2 curl wireshark h2i
- Challenges for you h2 is straight-forward, but ... HTTPS is not OpenSSL / other TLS-lib versions and ALPN Mixed content Certificates
- HTTP/2 – what to expect for your site It depends 20% - 60% faster is common Server push makes a difference Remember: HTTPS Shorten dependency chains!
- the HTTP futurethe HTTP future
- Improving what we have h2 server push improvements h2 client certs? (slightly) improved cookies TCP tuning for HTTP More HTTPS Better h2 tools, more h2 comparisons
- Beyond HTTP/2 Time to drop HTTP/1 legacies HTTP/3 will happen faster QUIC…?
- QUIC and the OSI model crash TCP, TLS and HTTP/2 over UDP in userspace no TCP head of line blocking other congestion control move across interfaces forward error correction “TCP improvements” - much faster
- Final recapFinal recap binary + multiplexedbinary + multiplexed primarily over TLSprimarily over TLS users won't see a “2”users won't see a “2” deploy!deploy!
- Questions? http://daniel.haxx.se/http2http://hpbn.co/
- Doing good is part of our code Thank you!
- Credits HTTP and TCP trend numbers from http://httparchive.org RTT / page load data from Mike Belshe Front and HTTP future images by Simon Stålenhag HTTP/2 lego frame image by Mark Nottingham HTTP/2 usage numbers by Mozilla Telemetry Lego pieces borrowed from my kids
- License This presentation and its contents are licensed under the Creative Commons Attribution 4.0 license: http://creativecommons.org/licenses/by/4.0/
Advertisement