1. GOTO 10 - January 22, 2019

2. Daniel Stenberg
@bagder

4. AgendaAgenda
The road from HTTP 1 to 2 to 3The road from HTTP 1 to 2 to 3
Some details on TCP and TLSSome details on TCP and TLS
Problems with HTTP/2Problems with HTTP/2
Fixing TCP isn’t possibleFixing TCP isn’t possible
Why QUICWhy QUIC
How QUIC worksHow QUIC works
HTTP/3 is HTTP over QUICHTTP/3 is HTTP over QUIC
HTTP/3 is coming soon!HTTP/3 is coming soon!

5. Beware
I will presume basic networking knowledge
I will not show many protocol bytes or bits
Some details may change subtly before shipped
Feel free to interrupt and ask at any time!

6. HTTP/1
HTTP/2
HTTP/3

7. HTTP started done over TCP

8. TCPTCP
TCP/IP means it works over IP
Establishes a “connection”
3-way handshake
Resends lost packages
Delivers a byte stream
Clear text

9. HTTPS means TCP + TLS + HTTP

10. HTTPS is eating the web

12. TLSTLS
TLS is done over TCP for HTTP/1 or 2
Transport Layer Security
Additional handshake
Privacy and security

13. HTTP over TCP

14. HTTP/1.1HTTP/1.1
Shipped June 1999
Many parallel TCP connections
Ineffective TCP use
HTTP head-of-line-blocking
Numerous work-arounds

15. HTTP/2HTTP/2
Shipped May 2015
Uses single connection per host
Many parallel streams
TCP head-of-line-blocking

16. OssificationOssification
Internet is full of boxes
Routers, gateways, firewalls, load balancers,
NATs...
Boxes run software to handle network data
Middle-boxes work on existing protocols
Upgrade much slower than edges

17. Internet
WWW

18. Internet
WWW

19. Ossification prevents
HTTP/2 in clear textHTTP/2 in clear text
TCP improvements like TFOTCP improvements like TFO
TCP/UDP replacementsTCP/UDP replacements
Future innovationsFuture innovations
…… unless encryptedunless encrypted

20. Improvement in spite of ossification

22. A new transport protocol

23. Built on experiences by Google QUIC
Google deployed “http2 frames over UDP”-QUIC in 2013Google deployed “http2 frames over UDP”-QUIC in 2013
Widely used clientWidely used client
Widely used web servicesWidely used web services
Proven to work at web scaleProven to work at web scale
Taken to the IETF in 2015Taken to the IETF in 2015
QUIC working group started 2016QUIC working group started 2016
IETF QUIC is now very different than Google QUIC wasIETF QUIC is now very different than Google QUIC was

24. Improvements
TCP head of line blockingTCP head of line blocking
Faster handshakesFaster handshakes
Earlier dataEarlier data
More encryption, alwaysMore encryption, always
Future developmentFuture development

25. Build on top of UDP
TCP and UDP remain “the ones”TCP and UDP remain “the ones”
Use UDP instead of IPUse UDP instead of IP
Reliable transport protocol - inReliable transport protocol - in
user-spaceuser-space
A little like TCP + TLSA little like TCP + TLS

26. UDP isn’t reliable, QUIC is
UDP
Connectionless
No resends
No flow control
QUIC
Uses UDP like TCP uses IP
Adds connections, resends and flow control on top

27. Streams!
QUIC provides streams
Many logical flows within a single connection
Similar to HTTP/2 but in the transport layer
Independent streams

28. Independent streams
TCPTCP
QUICQUIC

29. Application protocols over QUICApplication protocols over QUIC
Streams for free
Could be “any protocol”
HTTP worked on as the first
Others are planned to follow

30. HTTP/3 = HTTP over QUIC

31. HTTP – same but different
RequestRequest
- method + path- method + path
- headers- headers
- body- body
ResponseResponse
- response code- response code
- headers- headers
- body- body

32. HTTP – same but different
HTTP/1 – in ASCII over TCP
HTTP/2 – binary multiplexed over TCP
HTTP/3 – binary over multiplexed QUIC

33. Stacks: HTTP/2 vs HTTP/3
IP
TCP
TLS 1.2+
HTTP/2
UDP
HTTP/3
QUIC
TLS 1.3
IP

34. Features: HTTP/2 vs HTTP/3
HTTP/2 HTTP/3
Transport TCP QUIC
Streams HTTP/2 QUIC
Clear-text version yes no
Independent streams no yes
Header compression HPACK QPACK
Server push yes yes
Early data In theory yes
0-RTT handshake no yes

35. QUIC is fasterQUIC is faster
data from Google done with Google QUIC
Shaving a full second off the Google Search page
load time for the slowest 1% of connections
18% less buffering time on YouTube
75% of connections can take advantage of QUIC’s
zero-round-trip feature
3% improvement in mean page google search load
time with QUIC

36. HTTPS is TCP?
HTTPS:// URLs are everywhereHTTPS:// URLs are everywhere
TCP (and TLS) on TCP port 443TCP (and TLS) on TCP port 443

37. This service - over there!
The Alt-Svc: response header
Another host, protocol or port number is the
same “origin”
This site also runs on HTTP/3 “over there”, for
the next NNNN seconds

38. Will HTTP/3 deliver?

39. HTTP/3 challenges
3-7% something of all QUIC attempts fail
Clients need “fall back” algorithms
CPU intensive
Unoptimized UDP stacks
“Funny” TLS layer
All QUIC stacks are user-land
No standard QUIC API
Lack of tooling

40. Ship date

41. Implementations
Over a dozen QUIC implementations, but HTTP/3
lags behind
Google, Mozilla, Apple, Facebook, Akamai, Fastly,
Cloudflare, F5, LiteSpeed, and more
No browser has an implementation yet
Neither do Apache or nginx
curl doesn’t support HTTP/3 yet either

42. HTTP/3 deployments will take
time outside the top
HTTP/3 will grow slower than
HTTP/2 did
Some sites will stick to HTTP/
2
QUIC is for the long term

43. FutureFuture
MultipathMultipath
Forward error correctionForward error correction
Unreliable streamsUnreliable streams
More application protocolsMore application protocols

44. Take-aways
HTTP/3 is coming soonHTTP/3 is coming soon
HTTP/3 is always encryptedHTTP/3 is always encrypted
Similar to HTTP/2 but over QUICSimilar to HTTP/2 but over QUIC
QUIC is a transport done over UDPQUIC is a transport done over UDP
Challenges to overcomeChallenges to overcome
Live before summer 2019Live before summer 2019

45. HTTP/3 Explained
https://daniel.haxx.se/http3-explained

46. Daniel Stenberg
@bagder
https://daniel.haxx.se/
Thank you!Thank you!
Questions?Questions?

47. Credits
QUIC drafts: https://quicwg.github.io/
Images: https://pixabay.com/
This presentation is provided under the Creative Commons Attribution 4.0 International Public License