HTTP/2 in the Cincom Smalltalk™ SiouX Server

First Name: Jerry
Last Name: Kott

youtube: https://youtu.be/F8TCVnpMt2w

Title: HTTP/2 in the Cincom Smalltalk™ SiouX Server

Type: Talk

Abstract:

In this presentation, Jerry will discuss technical aspects of the newly added support for HTTP/2 in the SiouX HTTP server. SiouX is a general-purpose Web
server that uses both HTTP and HTTPS protocols and Net/Xtreams. This framework provides a secure, efficient and extensible server with HTTP services that
are in sync with the current HTTP standards.

Some of the topics covered in this talk will include:
• How to configure a SiouX Server to handle HTTP/2 requests. A brief overview of the HTTP protocol upgrade mechanism and the API to enable
processing of HTTP/2 requests by SiouX.
• High level design overview. Describe differences between multiple request/response pairs over multiple connections in HTTP/1.1 and stream
multiplexing over a single connection in HTTP/2.
• Security considerations: although HTTP/2 can be used over a plaintext connection, all browser vendors announced they will only implement the
secure version, using TLSv1.2 as the transport protocol. This has significant consequences for web server operators as it requires certificate management
and a minimum required set of supported cipher suites. Jerry will present a summary of those requirements and show a full secure web server configuration
with certificate files and HTTP/2 support.
• A demo of an AppeX application using combined HTTP/1.1 and HTTP/2 resources, showing a comparison of the two protocols' relative performance.
Bio:
Jerry Kott, a senior software engineer, has been with Cincom Systems, Inc. now for nine years. Jerry is a valuable member of the Protocols team responsible
for network protocols, security and web application development components of the Cincom Smalltalk Foundation. With Cincom® ObjectStudio® and Cincom®
VisualWorks® both built on the same Foundation, this engineering group is responsible for critical improvements that enhance both products. Specifically,
Jerry brings a vast knowledge of network protocols and security to this team, instrumental in enhancing those components in Cincom Smalltalk.

In his talk, Jerry will be discussing HTTP/2 in the Cincom Smalltalk SiouX Server.

Prior to joining Cincom, Jerry worked as a Smalltalk consultant in a variety of industries including finance, insurance, telecommunications, manufacturing
and entertainment. Throughout his career, Jerry has used most of the Smalltalk dialects. He first met Smalltalk/V in his native Czechoslovakia in 1988 while
writing his Master's thesis at the Faculty of Mathematics and Physics, Charles University of Prague. The political upheaval of 1988/1989 led Jerry to leave
Czechoslovakia, and after a year in Austria, his family settled in Canada. While working as a programmer analyst at the TD Bank in Toronto, he was
reintroduced to Smalltalk in 1993—this time with

Published in: Software

HTTP/2 in the Cincom Smalltalk™ SiouX Server

  1. The 25th Annual European Smalltalk User Group Conference, September 4, 2017. HTTP/2 in Cincom Smalltalk™ SiouX Server. Speaker: Jerry Kott, OSCP
  2. HTTP: A Bit of History
     • 1965: ‘hypertext’ coined by Ted Nelson for Xanadu project
     • 1989: original HTTP and HTML at CERN (Tim Berners-Lee)
     • 1991: HTTP V0.9 - first documented version. https://www.w3.org/Protocols/HTTP/AsImplemented.html
     • 1996: HTTP/1.0 - first version as an RFC 1945. https://tools.ietf.org/html/rfc1945
       “This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind…”
     • 1997: HTTP/1.1 standard released as RFC 2068
     Proprietary & Confidential | COMPANY CONFIDENTIAL | ©2017 Cincom Systems, Inc. All Rights Reserved. @cincomsmalltalk #ESUG17
  3. HTTP: A Bit of History
     • 1999: HTTP/1.1 updates and improvements as RFC 2616
     • …15 years…
     • 2014: HTTP/1.1 split into six different specification parts, obsoletes RFC 2616
     • 2015: HTTP/2 published as RFC 7540. https://tools.ietf.org/html/rfc7540
  4. HTTP/2 Key Points
     • Semantically compatible with HTTP/1.1
     • Clients and servers negotiate to select version 1.1 or 2
     • Fairly rapid adoption rate
     • Improved page loading performance, e.g.:
       • HTTP header compression
       • Server push
       • Request pipelining
       • Stream multiplexing over a single TCP connection
     • Web browsers support HTTP/2 only over TLS
  5. HTTP/2 Adoption Rate
     HTTP/2 is used by 16.4% of the top 10 million websites. https://w3techs.com/technologies/details/ce-http2/all/all
  6. Components of HTTP/2
     • Stream
     • Message: request or response
     • Frame: smallest part of HTTP/2 traffic
     • Frame types:
       • Control (e.g.: Priority, Header, Continuation, …)
       • Data
     • Frames may be interleaved
  7. HTTP/2 in SiouX Server
     • Preview was included in Cincom® VisualWorks® 8.2
     • Full protocol implementation coming up in VisualWorks 8.3
     • Supports both open and secure version.
     • Added requirements on Cincom Smalltalk security frameworks
     • HTTP/2 over TLS required by web browsers
     • TLS cipher suites with AEAD ciphers
     • Stream multiplexing, prioritization, dependencies
     • Challenging but also kind of fun
  8. Header Compression
     HTTP/1.1 (98 bytes):
         POST /http2_test HTTP/1.1
         Host: www.example.org
         Content-Type: text/plain
         Content-Length: 10
     HTTP/2:
         :method POST
         :scheme http
         :path /http2_test
         :authority www.example.org
         content-type text/plain
         content-length 10
     HTTP/2 encoded bytes (39 bytes):
         :method POST -> #[131]
         :scheme http -> #[134]
         :path /http2_test -> #[68 136 98 116 166 177 68 146 161 63]
         :authority www.example.org -> #[65 140 241 227 194 229 242 58 107 160 171 158 201 191]
         content-type text/plain -> #[95 135 73 124 165 138 232 25 170]
         content-length 10 -> #[92 2 49 48]
  9. Multiplexing
     • Multiple interleaving requests over a single TCP connection.
     • Traffic is broken down into frames representing pieces of virtual HTTP streams
     • A stream represents an HTTP request/response pair
  10. Multiplexing
      • HTTP2ServerMultiplexer in SiouX-Http2 parcel
      • HTTP/1.1
        socket accept: -> HttpConnection ~ Process ~ RequestContext
      • Many TCP connections, one process per connection
      • HTTP/2
        socket accept: -> HttpConnection ~ Process ~ (upgrade) HTTP2ServerMultiplexer
        header frame read from socket: -> id -> HTTP2ServerStream ~ Process ~ RequestContext
      • Few TCP connections, several processes per connection
  11. Stream Prioritization
      • Weight: a stream’s weight determines its processing priority relative to other streams
      • Dependency: a stream may depend on another stream being processed first
      • Web browser support for prioritization is evolving (Chrome vs. Firefox vs. IE …)
  12. Stream Prioritization
  13. Flow Control
      • Credit-based system
      • A peer advertises resource availability
      • Clients and servers must keep track of the amount of resources sent to the peers
      • Highly customizable settings allow the control of memory allocation for read & write buffers
        INITIAL_WINDOW_SIZE
        MAX_FRAME_SIZE
        …
      • Some settings may be negotiated ‘on the fly’ as resource availability changes
  14. Server Push
      • Replaces inlined resources
      • Server pushes them to the client to initiate caching without a round-trip request/response.
      • Consider carefully when to use it (not always beneficial)
  15. Server Push
  16. SiouX HTTP/2 Code Samples
          "Create the server and an HTTPS listener on port 8000."
          server := Server id: 'MyServer'.
          listener := server listenOn: 8000 for: SiouX.HttpsConnection.
          "Attach the certificate and private key files to the listener."
          server
              addSecureListener: listener
              certificateFile: 'certificates.pem'
              privateKeyFile: 'privatekey-rsa.key'.
          listener useHTTP2Protocol.
          server start.
  17. Settings Control
          "Configure TLS context to ensure HTTP/2 supported cipher suites and ALPN extension are present.
           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is a mandatory cipher suite."
          listener tlsContext
              suites: (TLSCipherSuite suites: #(tls12 (#ecdhe #(#sha256 #sha384))));
              addExtension: Xtreams.TLSAppLayerProtocolNegotiation defaultH2.
          version := Protocols.HTTPv20 new.
          listener protocolVersions: (Array with: version).
  18. Settings Control
          "Default settings may be changed according to application needs, e.g.:"
          version settings
              maxConcurrentStreams: 200;
              maxFrameSize: 1024 * 32;
              …
              outputWindowSize: 1024 * 64; "not part of spec, an internal optimization mechanism"
              …
  19. Configure Server Push
          "Server push must be enabled explicitly"
          version settings enablePush.
          "An HTTP response must receive #preloadLink for each resource to be pushed.
           Consider which resources to push carefully. Typically useful only on a first page load."
          aResponse
              contentType: 'text/html';
              preloadLink: self path, '/style.css';
              preloadLink: self path, '/script.js';
              …
              contents: '<HTML><BODY>some html</BODY></HTML>'.
  20. How About AppeX?
      • All SiouX functionality inherent in AppeX
      • Potential performance benefits:
        • Single Page Application loads HTML only once
        • HTTP/2 server push can download CSS and JS into the client as HTML loads
        • After initial load, only data travels between the client and the server
      • Perceived performance improvement may be relatively small on the client BUT
        • Much less demand on the server and the network
  21. Demo: HTTP/2 Compared to HTTP/1.1
      • Inspired by Akamai http2 demo: https://http2.akamai.com/demo
      • The same ‘application’ is shown in two <iframe> elements
      • 400 tiles make up the final image.
      • HTTP/1.1: 400 requests on multiple connections
      • HTTP/2: 400 requests on a single multiplexed connection
      • The only difference is in SiouX listeners’ configuration
  22. Demo: HTTP/2 Compared to HTTP/1.1
  23. Demo: HTTP/2 Compared to HTTP/1.1
  24. Demo: HTTP/2 Compared to HTTP/1.1
      • In terms of bandwidth efficiency (network time):
        • HTTP/1.1: 6 x 9.95 ~ 60 seconds
        • HTTP/2: 1 x 1.5 ~ 1.5 seconds
      • HTTP/2 is a clear winner
  25. (Some of) HTTP/2 Best Practices
      • It’s all about performance
      • Don’t concatenate files
        • an HTTP/1.1 optimization technique to reduce number of requests.
        • It can lead to expensive cache invalidation in the client, actually reducing performance
      • Don’t inline assets
        • special case of file concatenation
        • use server push instead, if / when appropriate
      • Minimize the size of HTTP requests / responses
      • Send the minimum amount of data to make your application work
      • Use AppeX!
  26. Issues
      • Increased memory demands on the server because of multiplexing - any server, not SiouX specifically
      • Added complexity of secure certificate management and TLS configuration
      • Using server proxies becomes tricky
        • e.g.: Apache has to be built from source, explicitly enabling HTTP/2
        • The mod_proxy_http2 module is experimental
      • Limited debugging with network sniffing tools - traffic is encrypted
  27. Summary and Conclusion
      • HTTP/2 is semantically compatible with HTTP/1.1
      • But vastly different in specs and implementation
      • Impressive performance gains
      • Many optimization options
      • Security built in because of browser vendors’ constraints
      • A simple API for SiouX server HTTP/2 configuration
      • Continuing work on enhancements and performance optimization
  28. Additional Resources
      • https://hpbn.co/http2/
      • http://httpwg.org/specs/rfc7540.html
      • Read this document before using server push: https://docs.google.com/document/d/1K0NykTXBbbbTlv60t5MyJvXjqKGsCVNYHyLEXIxYMv0/edit#heading=h.ke8t5vjw3jh4
      • http://www.cincomsmalltalk.com/main/products/demos/http2/
  29. Contact Us
      • Suzanne Fortman, Director of Smalltalk Global Operations, sfortman@cincom.com, @SuzCST (Twitter)
      • Arden Thomas, Product Manager, athomas@cincom.com, @ArdenTCST (Twitter)
      • Jerry Kott, Senior Software Engineer, jkott@cincom.com
  30. Thank You! Any questions?
  31. Cincom, the Quadrant Logo, Cincom Smalltalk, Cincom ObjectStudio and Cincom VisualWorks are trademarks or registered trademarks of Cincom Systems, Inc. ©2017 Cincom Systems, Inc. All Rights Reserved
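
The byte arrays on the Header Compression slide (slide 8) can be read field by field with the HPACK rules of RFC 7541. The following Python code is an added example, not code from the talk or from Cincom Smalltalk; `STATIC`, `decode_int` and `walk` are names chosen for this example, and Huffman-coded strings are reported by length rather than decoded.

```python
# Added example: walk the HPACK field representations in the slide's byte arrays.
# STATIC holds only the RFC 7541 Appendix A static-table entries these bytes use.
STATIC = {1: (":authority", ""), 3: (":method", "POST"), 4: (":path", "/"),
          6: (":scheme", "http"), 28: ("content-length", ""),
          31: ("content-type", "")}

SLIDE_BYTES = bytes([131, 134,                      # copied from the slide
    68, 136, 98, 116, 166, 177, 68, 146, 161, 63,
    65, 140, 241, 227, 194, 229, 242, 58, 107, 160, 171, 158, 201, 191,
    95, 135, 73, 124, 165, 138, 232, 25, 170,
    92, 2, 49, 48])

def decode_int(buf, pos, prefix_bits):
    """Prefix-coded integer, RFC 7541 section 5.1. Returns (value, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated header block")
    limit = (1 << prefix_bits) - 1
    value, pos, shift = buf[pos] & limit, pos + 1, 0
    more = value == limit                   # all prefix bits set: continuation octets follow
    while more:
        if pos >= len(buf) or shift > 28:   # bound the integer size on hostile input
            raise ValueError("bad integer encoding")
        value += (buf[pos] & 0x7F) << shift
        more = bool(buf[pos] & 0x80)
        pos, shift = pos + 1, shift + 7
    return value, pos

def walk(buf):
    """Return one (kind, name, value) tuple per field; ValueError on bad input."""
    fields, pos = [], 0
    while pos < len(buf):
        indexed = bool(buf[pos] & 0x80)     # 1xxxxxxx: fully indexed field
        if not indexed and not buf[pos] & 0x40:
            raise ValueError("representation not covered by this example")
        index, pos = decode_int(buf, pos, 7 if indexed else 6)
        if index not in STATIC:
            raise ValueError("index outside this example's table subset")
        name, value = STATIC[index]
        if not indexed:                     # 01xxxxxx: literal value follows
            huffman = pos < len(buf) and bool(buf[pos] & 0x80)
            length, pos = decode_int(buf, pos, 7)
            if pos + length > len(buf):
                raise ValueError("string length exceeds block")
            raw, pos = buf[pos:pos + length], pos + length
            value = f"<huffman:{length}>" if huffman else raw.decode("ascii")
        fields.append(("indexed" if indexed else "literal", name, value))
    return fields
```

Only `content-length` carries a plain ASCII value; the other three literals are Huffman-coded, which is where most of the saving over the 98-byte HTTP/1.1 form comes from.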
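
The TLS requirements from slides 7 and 17 (TLS 1.2, AEAD cipher suites, the mandatory suite, ALPN) can be checked mechanically before a listener goes live. The following Python code is an added example, not SiouX code; the configuration dictionary layout and the `WEAK`/`FIXED` samples are constructed for illustration, and the ephemeral key exchange check follows the note in RFC 7540 Appendix A rather than anything stated on the slides.

```python
# Added example: audit a TLS listener configuration for HTTP/2 use.
# Suite names are IANA names; the config dict layout is hypothetical.
MANDATORY = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"   # named on slide 17
AEAD_MARKERS = ("_GCM", "_CCM", "CHACHA20_POLY1305")
EPHEMERAL_KX = ("ECDHE", "DHE")

def suite_problems(name):
    """Name-based approximation of RFC 7540 Appendix A: why a suite is unsuitable."""
    kx_auth, sep, cipher = name.partition("_WITH_")
    if not sep or not kx_auth.startswith("TLS_"):
        return ["not a TLS 1.2 style suite name"]
    problems = []
    if kx_auth.split("_")[1] not in EPHEMERAL_KX:
        problems.append("no ephemeral key exchange")
    if not any(marker in cipher for marker in AEAD_MARKERS):
        problems.append("not an AEAD cipher")
    return problems

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if tuple(config["min_version"]) < (1, 2):
        findings.append("allows TLS versions below 1.2")
    if "h2" not in config["alpn"]:
        findings.append("ALPN does not offer h2")
    if MANDATORY not in config["suites"]:
        findings.append("missing mandatory suite " + MANDATORY)
    for suite in config["suites"]:
        findings += [f"{suite}: {p}" for p in suite_problems(suite)]
    return findings

# Constructed sample configurations: a weak listener and its corrected form.
WEAK = {"min_version": (1, 0), "alpn": ["http/1.1"],
        "suites": ["TLS_RSA_WITH_AES_128_CBC_SHA",
                   "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"]}
FIXED = {"min_version": (1, 2), "alpn": ["h2", "http/1.1"],
         "suites": [MANDATORY, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]}
```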
