The document discusses the evolution of HTTP from its early versions to HTTP/2, detailing improvements like multiplexing, header compression, and server push capabilities. It highlights the challenges and considerations for deploying HTTP/2, particularly with safety and TLS requirements, as well as its growing adoption in modern browsers and services. It also touches upon the future of HTTP, including potential developments like HTTP/3 and the use of QUIC.

1. Google Stockholm, April 12th
2016

2. Email:daniel@haxx.se
Twitter:@bagder
Web:daniel.haxx.se
Blog:daniel.haxx.se/blog
Daniel Stenberg

3. Future
HTTP Today
HTTP/2
Status
Deploy

4. Internet TodayInternet Today
HTTP forHTTP for everythingeverything
The web hasThe web has changedchanged
significantlysignificantly since the 90ssince the 90s

5. Request and payload growth
in the last 4 years...
8080
100100
800K800K
2300K2300K
the average website loads 50+ resources on a
single domain

6. connections per page

7. Roundtrip Bonanza

8. Latency adds up
4,000 ms
750 ms
Page load
time
Round trip
time
0 ms 240 ms

9. Speed of light
The world is still big
+ slower through fiber
+ never the shortest distance
+ buffer (bloat)
+ radio networks =
Several hundred milliseconds

10. Head of line blockingHead of line blocking

11. HTTP 1.1HTTP 1.1
workaroundsworkarounds

12. SpritingSpriting

13. InliningInlining
.icon {
background:
url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABGwAAAGDCAIAAADxuBH7AAA
AAXNSR0IArs4c6QAAAAlwSFlzAAAOdQAADnUBuWNRMgAAAAd0SU1FB9kLHRYqOHOE8mAAACAA
SURBVHja7J13fFVF9sDPzC2vJy+9kAaBJBTpvVoQkSYCVlTcxYaua1lx1bWsrrs/18qquIC9s
CoqgiIiXZpU6QECpPfySl67deb3x4vhkeS9BATW1fl+8snn3rlTzpk58+6cO3PnIkrpyeP5AH
C4oBoYDAaDwWAwGAwGgxERvvlo7+7NrDoYDAaDwWAwGAwGIzKoeSYqu1sPVh0MBoPBYDAYDAa
DEZlTM1Erv/ueVQeDwWAwGAwGg8FgdNSJQoBYdTAYDAaDwWAwGAxGR50ojDvkRLn86tE6v9On
+111CBGbzZ5s43JTY0RB+JmiSCqp9ykBlaqSD1EQjQabiOJsJo7jzpLsl5tCHfKTn8Dj9CyBZ
lSzan5iZ1FwXxHJaiaZqiSAAQCAQoobzAc5gzW6znVTUGg8FgMBgMBoNxfp0oQO04USdqvCuK
caHQQxZjRNGEUrFOQAoEvBUNiUXHhqDDEwd0jrFZzkIIh08pcIKDS9SxkeN4ZMOEgqaqijdgc
danodpuqTEmg3huNT9RX7CidtnJ6GOaWU1OSiZdiFf11jfWNzgdWYc6D5VGTrzoqhhb7M8sJR
DwY0QTExNt0VGiIGAAAPAritPhqK+pdTd64uITDQbDzylCkaX6+ipVkRAgQeCZTTMY5wpKqSz
LiqKoqqppGqWU1QmDwWAwGL9iMMcZDEaLxWa1RsfEJUSIeWpjicIyV7hIsqIu/tFxwD42L8Nm
xuCXIaCCRoAS0HWQNXAEaK3Pa6zbfUtC4aUDundcUE3TD1YFakzZcVGiiEHVQNWBUAAKhIJOQ
NKoV1F4X2Vvi6NLauI5qR1ZkRcfffdg5o+5mbkc4VwB1xjLmBuybjAZTWXeshUlK5aVLTvpPW
mvirlFuO3SvuPOrhRN03zexty8HIvJRACUujqtsZGoKgVAJhMfG8tZrY0OR0lRsaLpSUkpZ1G
ErmuV5UWaKrvVwiEj+8THxcXHJSBAAAghjAADYIQwAoQAA0KtV2xSoEApBUqBUEoAyE8H...
) no-repeat;
}

14. Concatenation
$ cat *.js > single-monster.js

15. Sharding

17. HTTP history lesson
1996: HTTP/1.0 RFC 1945
1997: HTTP/1.1 RFC 2068
1999: HTTP/1.1 RFC 2616
2007: HTTPbis started to refresh HTTP/1.1
2009: Google announced SPDY
2011: Chrome and all Google services run SPDY
2012: HTTP/2 work began, based on SPDY
2014: HTTP/1.1 updated, RFC 7230 series
2015: ...

18. RFC 7540RFC 7540

19. Just a new framing layer
maintains HTTP paradigms
http:// and https:// URLs remain
HTTP/1.1 will linger for decades
Proxies to convert 1:1

20. Conservative in what you accept
less optional parts
no minor version

21. Binary
No more telnet
Easier framing
TLS and compression anyway
Wireshark inspector
frame types, like HEADERS and DATA

22. Multiplexed (1/2)
Multiple streams over a single physical connection
Max number of parallel streams set by peer

23. Multiplexed (2/2)

24. Connection coalescing
1.2.3.4
2.3.4.5
1.2.3.4
3.4.5.6
IP address range overlap
Both SAN names in cert
“unsharded”

25. One TCP connectionOne TCP connection

26. Better utilization of bandwidth

27. Streams
Dependencies
Flow control
Have streams
depend on other
streams that
should arrive first
Priorities
Change a stream’s
“weight” at any time
Allow streams to be
consumed at
different speeds

28. Header compression
headers are big and repetitive
1.1 has no header compression
HPACK

29. Server push
Give me HTML please!
Here's HTML for you
Here's CSS for you

30. Negotiate HTTP/2 on HTTP://
Upgrade:

31. Negotiate HTTP/2 on HTTPS://
ALPN

32. HTTPS-only HTTP/2HTTPS-only HTTP/2
TCP on port 80 – HTTP/1 !!
Upgrade: ? No way!
privacy and user protection

33. Safer HTTPSSafer HTTPS
No compression
No renegotiation
TLS 1.2 or later
Cipher suite requirements

34. HTTP/2 is not
Mandatory TLS
Changing HTTP headers
Websockets

35. Implementations
Akamai Ghost, Apache HTTP Server, Apache Traffic
Server, http4s-blaze, Chromium, Chicken Scheme
hpack lib, cl-http2-protocol, curl and libcurl, Dart,
Deuterium, Ericsson MSP, F5, H2O, Haskell http2 lib,
http-2, http2, hyper, hyper, Shaka Technologies
Ishlangu Load Balancer, Jetty, LiteSpeed Enterprise,
Lucid, Microsoft, mod_h2, Mozilla Firefox, Netty,
nghttp2, Radware, NGINX, node-http2, OkHttp,
OpenLiteSpeed, Protocol::HTTP2, Brocade SteelApp
Traffic Manager (formerly Riverbed/Zeus TM), Sasazka,
second-transfer, ShimmerCat, Test GFE, Trusterd,
Twitter, Undertow, Warp, Wireshark, WKWebView
https://github.com/http2/http2-spec/wiki/Implementations

36. servers

37. browsers

38. http://caniuse.com/#search=http2

39. HTTP/2 in Browsers – April 2016
Browsers only over HTTPS
Firefox: 23% HTTP/2
35% of HTTPS is HTTP/2
HTTP/2 in 85% of browsers in Sweden
Chrome will remove support for SPDY
in May 2016

40. HTTP/2 for content – April 2016
7% of top 10 million
9% of top 1 million
19% of top 500
>50% for most sites
Akamai went “live” late March 2016
Googlebot groks HTTP/2 ”early 2016”
Amazon Cloudfront “this year”
Jul 15 Jan 16 Apr 16Jan 16

41. deploydeploy

42. Poking at it
HTTP/2 and SPDY indicator
Apache, NGINX,
H2O, ATS, Caddy, Litespeed
nghttp2
curl
wireshark
h2i

43. Challenges for you
h2 is straight-forward, but ...
HTTPS is not
OpenSSL / other TLS-lib versions and ALPN
Mixed content
Certificates

44. HTTP/2 – what to expect for your site
It depends
20% - 60% faster is common
Server push makes a difference
Remember: HTTPS
Shorten dependency chains!

45. the HTTP futurethe HTTP future

46. Improving what we have
h2 server push improvements
h2 client certs?
(slightly) improved cookies
TCP tuning for HTTP
More HTTPS
Better h2 tools, more h2
comparisons

47. Beyond HTTP/2
Time to drop HTTP/1 legacies
HTTP/3 will happen faster
QUIC…?

48. QUIC and the OSI model crash
TCP, TLS and HTTP/2 over UDP in userspace
no TCP head of line blocking
other congestion control
move across interfaces
forward error correction
“TCP improvements” - much faster

49. Final recapFinal recap
binary + multiplexedbinary + multiplexed
primarily over TLSprimarily over TLS
users won't see a “2”users won't see a “2”
deploy!deploy!

50. Questions?
http://daniel.haxx.se/http2http://hpbn.co/

51. Doing good is part of our code
Thank you!

52. Credits
HTTP and TCP trend numbers from
http://httparchive.org
RTT / page load data from Mike Belshe
Front and HTTP future images by Simon
Stålenhag
HTTP/2 lego frame image by Mark Nottingham
HTTP/2 usage numbers by Mozilla Telemetry
Lego pieces borrowed from my kids

53. License
This presentation and its contents are licensed
under the Creative Commons Attribution 4.0
license:
http://creativecommons.org/licenses/by/4.0/