SlideShare a Scribd company logo
1 of 29
HTTP/2
The (not so) new Language of the Web
Software Engineer
All around nerd
Systems Administrator for 7 years
@aramonc in all the places
About Me
Slight History of HTTP 1.x
● World Wide Web first proposed by Tim Berners-Lee & team in 1989
● First documented in 1991 in HTTP 0.9
○ Request only GET
○ Response only HTML
● Officially documented in RFC 1945 as HTTP 1.0 in 1996
○ HTTP 1.1 was already in draft
○ Documented common use cases from existing web browsers
○ Not a standard
● HTTP 1.1 became official standard in 1997
○ Defined in RFC 2068
○ Additions & Disambiguations added in 1999 as RFC 2616
○ Supported by most browsers and tools since early drafts
○ Re-written into multiple proposed RFCs between 2007 & 2014
Then Came SPDY
● Binary protocol worked on by Mike Belshe &
Roberto Peon at Google
● Implemented on Chrome & GFE servers
between 2009 & 2014
● Introduced to Mark Nottingham of the IETF
HTTPBIS working group in 2012
● Became the basis of HTTP/2
Binary Protocol Features
● Binary framing
● Streams
● Request & response multiplexing
● Stream prioritization
● Single connection per origin
● Flow control
● Server Push
● Header Compression
The Final HTTP / 2 RFC(s)
● Hypertext Transfer Protocol version 2 - RFC7540
○ Describes the new internals of the protocol
○ Designed for low latency
● HPACK - Header Compression for HTTP/2 -
RFC7541
● Published in May 2015
Implementations
Apache 2.4.17
F5 (upcoming release)
Jetty ~7.6.13
IIS Server 2016
Nginx 1.9.5
Akamai ~2015
cURL 7.38.0
WireShark 1.11
IE 11 (Windows 10 only)
Edge 2
Chrome 41
Firefox 36
Current Browser Implementation
Binary Framing
● Similar to TCP packets
● Frames contain distinct
data (headers, payload,
etc)
● Frames are indexed
● Fixed length
Length
Flags
Identifier
Payload
Streams
● Bidirectional flow of bytes within a connection
● May carry one or more messages
● Single TCP connection can carry several streams
● Have identifiers
● Can be prioritized
Streams
by Ilya Grigorik
Capable of Multiplexing
● Frames in different streams can be interleaved
● Solves Head-of-Line blocking
by Ilya Grigorik
Header Compression
● Original SPDY compression was vulnerable
● HPACK used in HTTP/2
● HPACK uses 2 compression techniques
○ Huffman compression
○ Client & Server must keep indexed list of
previously seen headers
Header Compression
by Ilya Grigorik
Server Push
● Server knows content needed
● Server sends a PUSH_PROMISE frame
● Client can decide to accept frame or reset it
● Currently still experimental
TLS Only
● Not mandated by the standard
● Chrome & Firefox stated they will not support
without TLS
● Performance issues balanced in single
connection scenario
● http://letsencrypt.org
Connection Upgrade
● ALPN during TLS hand-shake
○ Recommended
● Connection & Upgrade headers
DoS Vectors
● Single connection reduces many vectors
● TCP is still point of failure
● HPACK & required buffering can be memory
intensive
● HPACK can be used to increase payload
● Header frames cannot be interrupted
What does this Mean for you?
● Increased performance
○ Conservative measure of 5% to 15%
● Decreased resource use
● New tools for debugging & monitoring
● Happier customers
● Time to switch
It’s for Everyone
● Reduces battery use in mobile devices
● Reduces CPU use in the server level
● Overall fewer costs
Transition Plan
● Know your application as it is
● Which strategy is best for your customers
● Optimizations you might need to change
● Benchmark before & after every change
● Deploy
Transition Plan
1. Internal / Backend APIs
2. Public APIs
3. CDNs
4. Front end applications
5. Load balancers & other proxies
Transition Strategies
● Sit and wait
● Adopt HTTP/2 completely
● Hybrid approach
Optimize, Fine Tune
● Applications currently compensate for
shortcomings in HTTP 1.1
● Most optimizations still ok
○ Maybe different
● Re-optimize assets to take advantage of new
features
● No changes to use of CDNs
Detrimental Optimizations
● Domain sharding
● Inline assets
● Image sprites
● Concatenated resources
Hybrid Approach
● For front-end servers
● HTTP/2 capable proxy
● Proxy terminates TLS
● Forwards requests to servers with appropriate
optimizations
● More costly approach
Benchmarks, Benchmarks, Benchmarks
● Load Impact comparison tool
○ http://http2.loadimpact.com/entry/
● Plugin for JMeter
● h2load
● Test all optimizations
Resources
● http://http2.github.io
● High Performance Browser Networking -
http://bit.ly/1PWhBQ3
● Google HTTP/2 podcasts - http://bit.ly/1QgUrUP
● http://caniuse.com/#feat=http2
● HTTP/2 is here, let’s optimize -
http://bit.ly/20KJq5I
Thank You!
http://bit.ly/1nvOOLV

More Related Content

What's hot

What HTTP/2.0 Will Do For You
What HTTP/2.0 Will Do For YouWhat HTTP/2.0 Will Do For You
What HTTP/2.0 Will Do For YouMark Nottingham
 
Communicating on the web
Communicating on the webCommunicating on the web
Communicating on the webAdrian Cardenas
 
What's New in HTTP/2
What's New in HTTP/2What's New in HTTP/2
What's New in HTTP/2NGINX, Inc.
 
HTTP 2.0 – What do I need to know?
HTTP 2.0 – What do I need to know? HTTP 2.0 – What do I need to know?
HTTP 2.0 – What do I need to know? Sigma Software
 
HTTP/2 Update - FOSDEM 2016
HTTP/2 Update - FOSDEM 2016HTTP/2 Update - FOSDEM 2016
HTTP/2 Update - FOSDEM 2016Daniel Stenberg
 
HTTP/2 - for TCP/IP Geeks Stockholm
HTTP/2 - for TCP/IP Geeks StockholmHTTP/2 - for TCP/IP Geeks Stockholm
HTTP/2 - for TCP/IP Geeks StockholmDaniel Stenberg
 
HTTP/2: Ask Me Anything
HTTP/2: Ask Me AnythingHTTP/2: Ask Me Anything
HTTP/2: Ask Me AnythingNGINX, Inc.
 
In a HTTP/2 World - DeccanRubyConf 2017
In a HTTP/2 World - DeccanRubyConf 2017In a HTTP/2 World - DeccanRubyConf 2017
In a HTTP/2 World - DeccanRubyConf 2017Douglas Vaz
 
Advanced WCF Workshop
Advanced WCF WorkshopAdvanced WCF Workshop
Advanced WCF WorkshopIdo Flatow
 
Better performances with HTTP/2
Better performances with HTTP/2Better performances with HTTP/2
Better performances with HTTP/2Thomas Segismont
 
Debugging the Web with Fiddler
Debugging the Web with FiddlerDebugging the Web with Fiddler
Debugging the Web with FiddlerIdo Flatow
 
Let's use modern protocols everywhere!
Let's use modern protocols everywhere!Let's use modern protocols everywhere!
Let's use modern protocols everywhere!jcak77
 
Smuggling TCP traffic through HTTP
Smuggling TCP traffic through HTTPSmuggling TCP traffic through HTTP
Smuggling TCP traffic through HTTPDávid Halász
 

What's hot (20)

What HTTP/2.0 Will Do For You
What HTTP/2.0 Will Do For YouWhat HTTP/2.0 Will Do For You
What HTTP/2.0 Will Do For You
 
Communicating on the web
Communicating on the webCommunicating on the web
Communicating on the web
 
Http/2 lightning
Http/2   lightningHttp/2   lightning
Http/2 lightning
 
What's New in HTTP/2
What's New in HTTP/2What's New in HTTP/2
What's New in HTTP/2
 
Http2 right now
Http2 right nowHttp2 right now
Http2 right now
 
HTTP 2.0 – What do I need to know?
HTTP 2.0 – What do I need to know? HTTP 2.0 – What do I need to know?
HTTP 2.0 – What do I need to know?
 
HTTP/2 Update - FOSDEM 2016
HTTP/2 Update - FOSDEM 2016HTTP/2 Update - FOSDEM 2016
HTTP/2 Update - FOSDEM 2016
 
HTTP/2
HTTP/2HTTP/2
HTTP/2
 
HTTP/2 - for TCP/IP Geeks Stockholm
HTTP/2 - for TCP/IP Geeks StockholmHTTP/2 - for TCP/IP Geeks Stockholm
HTTP/2 - for TCP/IP Geeks Stockholm
 
Introduction to HTTP2
Introduction to HTTP2Introduction to HTTP2
Introduction to HTTP2
 
HTTP/2: Ask Me Anything
HTTP/2: Ask Me AnythingHTTP/2: Ask Me Anything
HTTP/2: Ask Me Anything
 
HTTP2 is Here!
HTTP2 is Here!HTTP2 is Here!
HTTP2 is Here!
 
SPDY - or maybe HTTP2.0
SPDY - or maybe HTTP2.0SPDY - or maybe HTTP2.0
SPDY - or maybe HTTP2.0
 
In a HTTP/2 World - DeccanRubyConf 2017
In a HTTP/2 World - DeccanRubyConf 2017In a HTTP/2 World - DeccanRubyConf 2017
In a HTTP/2 World - DeccanRubyConf 2017
 
Basics of NGINX
Basics of NGINXBasics of NGINX
Basics of NGINX
 
Advanced WCF Workshop
Advanced WCF WorkshopAdvanced WCF Workshop
Advanced WCF Workshop
 
Better performances with HTTP/2
Better performances with HTTP/2Better performances with HTTP/2
Better performances with HTTP/2
 
Debugging the Web with Fiddler
Debugging the Web with FiddlerDebugging the Web with Fiddler
Debugging the Web with Fiddler
 
Let's use modern protocols everywhere!
Let's use modern protocols everywhere!Let's use modern protocols everywhere!
Let's use modern protocols everywhere!
 
Smuggling TCP traffic through HTTP
Smuggling TCP traffic through HTTPSmuggling TCP traffic through HTTP
Smuggling TCP traffic through HTTP
 

Viewers also liked

The Case for HTTP/2
The Case for HTTP/2The Case for HTTP/2
The Case for HTTP/2Andy Davies
 
Http/2 - What's it all about?
Http/2  - What's it all about?Http/2  - What's it all about?
Http/2 - What's it all about?Andy Davies
 
더 빠른 웹을 위해: HTTP/2
더 빠른 웹을 위해: HTTP/2더 빠른 웹을 위해: HTTP/2
더 빠른 웹을 위해: HTTP/2EungJun Yi
 
HTTP/2: What no one is telling you
HTTP/2: What no one is telling youHTTP/2: What no one is telling you
HTTP/2: What no one is telling youFastly
 
How to know if you’ve been hacked
How to know if you’ve been hackedHow to know if you’ve been hacked
How to know if you’ve been hackedSucuri
 
How to Create a Professional Slideshare for Absolute Beginners
How to Create a Professional Slideshare for Absolute BeginnersHow to Create a Professional Slideshare for Absolute Beginners
How to Create a Professional Slideshare for Absolute BeginnersSarah Burke
 
Web Performance in the Age of HTTP2 - Topconf Tallinn 2016 - Holger Bartel
Web Performance in the Age of HTTP2 - Topconf Tallinn 2016 - Holger BartelWeb Performance in the Age of HTTP2 - Topconf Tallinn 2016 - Holger Bartel
Web Performance in the Age of HTTP2 - Topconf Tallinn 2016 - Holger BartelHolger Bartel
 
HTTP/2 for Developers
HTTP/2 for DevelopersHTTP/2 for Developers
HTTP/2 for DevelopersSvetlin Nakov
 
HTTP/2와 웹 성능 최적화 방안
HTTP/2와 웹 성능 최적화 방안HTTP/2와 웹 성능 최적화 방안
HTTP/2와 웹 성능 최적화 방안SangJin Kang
 
SPDY : 더 빠른 웹을 위한 프로토콜
SPDY : 더 빠른 웹을 위한 프로토콜SPDY : 더 빠른 웹을 위한 프로토콜
SPDY : 더 빠른 웹을 위한 프로토콜Yunsang Choi
 

Viewers also liked (12)

The Case for HTTP/2
The Case for HTTP/2The Case for HTTP/2
The Case for HTTP/2
 
Http/2 - What's it all about?
Http/2  - What's it all about?Http/2  - What's it all about?
Http/2 - What's it all about?
 
HTTP/2 in Examples
HTTP/2 in ExamplesHTTP/2 in Examples
HTTP/2 in Examples
 
더 빠른 웹을 위해: HTTP/2
더 빠른 웹을 위해: HTTP/2더 빠른 웹을 위해: HTTP/2
더 빠른 웹을 위해: HTTP/2
 
HTTP/2: What no one is telling you
HTTP/2: What no one is telling youHTTP/2: What no one is telling you
HTTP/2: What no one is telling you
 
null Pune meet - Understanding TCP/IP and Network Intrusion
null Pune meet - Understanding TCP/IP and Network Intrusionnull Pune meet - Understanding TCP/IP and Network Intrusion
null Pune meet - Understanding TCP/IP and Network Intrusion
 
How to know if you’ve been hacked
How to know if you’ve been hackedHow to know if you’ve been hacked
How to know if you’ve been hacked
 
How to Create a Professional Slideshare for Absolute Beginners
How to Create a Professional Slideshare for Absolute BeginnersHow to Create a Professional Slideshare for Absolute Beginners
How to Create a Professional Slideshare for Absolute Beginners
 
Web Performance in the Age of HTTP2 - Topconf Tallinn 2016 - Holger Bartel
Web Performance in the Age of HTTP2 - Topconf Tallinn 2016 - Holger BartelWeb Performance in the Age of HTTP2 - Topconf Tallinn 2016 - Holger Bartel
Web Performance in the Age of HTTP2 - Topconf Tallinn 2016 - Holger Bartel
 
HTTP/2 for Developers
HTTP/2 for DevelopersHTTP/2 for Developers
HTTP/2 for Developers
 
HTTP/2와 웹 성능 최적화 방안
HTTP/2와 웹 성능 최적화 방안HTTP/2와 웹 성능 최적화 방안
HTTP/2와 웹 성능 최적화 방안
 
SPDY : 더 빠른 웹을 위한 프로토콜
SPDY : 더 빠른 웹을 위한 프로토콜SPDY : 더 빠른 웹을 위한 프로토콜
SPDY : 더 빠른 웹을 위한 프로토콜
 

Similar to Http/2

SPDY and What to Consider for HTTP/2.0
SPDY and What to Consider for HTTP/2.0SPDY and What to Consider for HTTP/2.0
SPDY and What to Consider for HTTP/2.0Mike Belshe
 
The new (is it really ) api stack
The new (is it really ) api stackThe new (is it really ) api stack
The new (is it really ) api stackLuca Mattia Ferrari
 
Http 2: Should I care?
Http 2: Should I care?Http 2: Should I care?
Http 2: Should I care?LivePerson
 
Next generation web protocols
Next generation web protocolsNext generation web protocols
Next generation web protocolsDaniel Austin
 
Massively Scaled High Performance Web Services with PHP
Massively Scaled High Performance Web Services with PHPMassively Scaled High Performance Web Services with PHP
Massively Scaled High Performance Web Services with PHPDemin Yin
 
MySQL X protocol - Talking to MySQL Directly over the Wire
MySQL X protocol - Talking to MySQL Directly over the WireMySQL X protocol - Talking to MySQL Directly over the Wire
MySQL X protocol - Talking to MySQL Directly over the WireSimon J Mudd
 
A New Internet? Introduction to HTTP/2, QUIC and DOH
A New Internet? Introduction to HTTP/2, QUIC and DOHA New Internet? Introduction to HTTP/2, QUIC and DOH
A New Internet? Introduction to HTTP/2, QUIC and DOHAPNIC
 
A new Internet? Intro to HTTP/2, QUIC, DoH and DNS over QUIC
A new Internet? Intro to HTTP/2, QUIC, DoH and DNS over QUICA new Internet? Intro to HTTP/2, QUIC, DoH and DNS over QUIC
A new Internet? Intro to HTTP/2, QUIC, DoH and DNS over QUICAPNIC
 
Meetup Tech Talk on Web Performance
Meetup Tech Talk on Web PerformanceMeetup Tech Talk on Web Performance
Meetup Tech Talk on Web PerformanceJean Tunis
 
Platform Independent Packet Processing with ODL
Platform Independent Packet Processing with ODLPlatform Independent Packet Processing with ODL
Platform Independent Packet Processing with ODLOPNFV
 

Similar to Http/2 (20)

SPDY and What to Consider for HTTP/2.0
SPDY and What to Consider for HTTP/2.0SPDY and What to Consider for HTTP/2.0
SPDY and What to Consider for HTTP/2.0
 
The new (is it really ) api stack
The new (is it really ) api stackThe new (is it really ) api stack
The new (is it really ) api stack
 
Http/2
Http/2Http/2
Http/2
 
SPDY
SPDYSPDY
SPDY
 
Http 2: Should I care?
Http 2: Should I care?Http 2: Should I care?
Http 2: Should I care?
 
Http 2
Http 2Http 2
Http 2
 
Monkey Server
Monkey ServerMonkey Server
Monkey Server
 
Next generation web protocols
Next generation web protocolsNext generation web protocols
Next generation web protocols
 
Go at uber
Go at uberGo at uber
Go at uber
 
Varnish SSL / TLS
Varnish SSL / TLSVarnish SSL / TLS
Varnish SSL / TLS
 
HTTP
HTTPHTTP
HTTP
 
Massively Scaled High Performance Web Services with PHP
Massively Scaled High Performance Web Services with PHPMassively Scaled High Performance Web Services with PHP
Massively Scaled High Performance Web Services with PHP
 
Cloud Native API Design and Management
Cloud Native API Design and ManagementCloud Native API Design and Management
Cloud Native API Design and Management
 
MySQL X protocol - Talking to MySQL Directly over the Wire
MySQL X protocol - Talking to MySQL Directly over the WireMySQL X protocol - Talking to MySQL Directly over the Wire
MySQL X protocol - Talking to MySQL Directly over the Wire
 
A New Internet? Introduction to HTTP/2, QUIC and DOH
A New Internet? Introduction to HTTP/2, QUIC and DOHA New Internet? Introduction to HTTP/2, QUIC and DOH
A New Internet? Introduction to HTTP/2, QUIC and DOH
 
A new Internet? Intro to HTTP/2, QUIC, DoH and DNS over QUIC
A new Internet? Intro to HTTP/2, QUIC, DoH and DNS over QUICA new Internet? Intro to HTTP/2, QUIC, DoH and DNS over QUIC
A new Internet? Intro to HTTP/2, QUIC, DoH and DNS over QUIC
 
Meetup Tech Talk on Web Performance
Meetup Tech Talk on Web PerformanceMeetup Tech Talk on Web Performance
Meetup Tech Talk on Web Performance
 
Bio routing - DKNOG9
Bio routing  - DKNOG9Bio routing  - DKNOG9
Bio routing - DKNOG9
 
Platform Independent Packet Processing with ODL
Platform Independent Packet Processing with ODLPlatform Independent Packet Processing with ODL
Platform Independent Packet Processing with ODL
 
GRPC.pptx
GRPC.pptxGRPC.pptx
GRPC.pptx
 

Recently uploaded

Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 

Recently uploaded (20)

Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 

Http/2

  • 1. HTTP/2 The (not so) new Language of the Web
  • 2. Software Engineer All around nerd Systems Administrator for 7 years @aramonc in all the places About Me
  • 3. Slight History of HTTP 1.x ● World Wide Web first proposed by Tim Berners-Lee & team in 1989 ● First documented in 1991 in HTTP 0.9 ○ Request only GET ○ Response only HTML ● Officially documented in RFC 1945 as HTTP 1.0 in 1996 ○ HTTP 1.1 was already in draft ○ Documented common use cases from existing web browsers ○ Not a standard ● HTTP 1.1 became official standard in 1997 ○ Defined in RFC 2068 ○ Additions & Disambiguations added in 1999 as RFC 2616 ○ Supported by most browsers and tools since early drafts ○ Re-written into multiple proposed RFCs between 2007 & 2014
  • 4. Then Came SPDY ● Binary protocol worked on by Mike Belshe & Roberto Peon at Google ● Implemented on Chrome & GFE servers between 2009 & 2014 ● Introduced to Mark Nottingham of the IETF HTTPBIS working group in 2012 ● Became the basis of HTTP/2
  • 5. Binary Protocol Features ● Binary framing ● Streams ● Request & response multiplexing ● Stream prioritization ● Single connection per origin ● Flow control ● Server Push ● Header Compression
  • 6. The Final HTTP / 2 RFC(s) ● Hypertext Transfer Protocol version 2 - RFC7540 ○ Describes the new internals of the protocol ○ Designed for low latency ● HPACK - Header Compression for HTTP/2 - RFC7541 ● Published in May 2015
  • 7. Implementations Apache 2.4.17 F5 (upcoming release) Jetty ~7.6.13 IIS Server 2016 Nginx 1.9.5 Akamai ~2015 cURL 7.38.0 WireShark 1.11 IE 11 (Windows 10 only) Edge 2 Chrome 41 Firefox 36
  • 9. Binary Framing ● Similar to TCP packets ● Frames contain distinct data (headers, payload, etc) ● Frames are indexed ● Fixed length Length Flags Identifier Payload
  • 10. Streams ● Bidirectional flow of bytes within a connection ● May carry one or more messages ● Single TCP connection can carry several streams ● Have identifiers ● Can be prioritized
  • 12. Capable of Multiplexing ● Frames in different streams can be interleaved ● Solves Head-of-Line blocking by Ilya Grigorik
  • 13. Header Compression ● Original SPDY compression was vulnerable ● HPACK used in HTTP/2 ● HPACK uses 2 compression techniques ○ Huffman compression ○ Client & Server must keep indexed list of previously seen headers
  • 15. Server Push ● Server knows content needed ● Server sends a PUSH_PROMISE frame ● Client can decide to accept frame or reset it ● Currently still experimental
  • 16. TLS Only ● Not mandated by the standard ● Chrome & Firefox stated they will not support without TLS ● Performance issues balanced in single connection scenario ● http://letsencrypt.org
  • 17. Connection Upgrade ● ALPN during TLS hand-shake ○ Recommended ● Connection & Upgrade headers
  • 18. DoS Vectors ● Single connection reduces many vectors ● TCP is still point of failure ● HPACK & required buffering can be memory intensive ● HPACK can be used to increase payload ● Header frames cannot be interrupted
  • 19. What does this Mean for you? ● Increased performance ○ Conservative measure of 5% to 15% ● Decreased resource use ● New tools for debugging & monitoring ● Happier customers ● Time to switch
  • 20. It’s for Everyone ● Reduces battery use in mobile devices ● Reduces CPU use in the server level ● Overall fewer costs
  • 21. Transition Plan ● Know your application as it is ● Which strategy is best for your customers ● Optimizations you might need to change ● Benchmark before & after every change ● Deploy
  • 22. Transition Plan 1. Internal / Backend APIs 2. Public APIs 3. CDNs 4. Front end applications 5. Load balancers & other proxies
  • 23. Transition Strategies ● Sit and wait ● Adopt HTTP/2 completely ● Hybrid approach
  • 24. Optimize, Fine Tune ● Applications currently compensate for shortcomings in HTTP 1.1 ● Most optimizations still ok ○ Maybe different ● Re-optimize assets to take advantage of new features ● No changes to use of CDNs
  • 25. Detrimental Optimizations ● Domain sharding ● Inline assets ● Image sprites ● Concatenated resources
  • 26. Hybrid Approach ● For front-end servers ● HTTP/2 capable proxy ● Proxy terminates TLS ● Forwards requests to servers with appropriate optimizations ● More costly approach
  • 27. Benchmarks, Benchmarks, Benchmarks ● Load Impact comparison tool ○ http://http2.loadimpact.com/entry/ ● Plugin for JMeter ● h2load ● Test all optimizations
  • 28. Resources ● http://http2.github.io ● High Performance Browser Networking - http://bit.ly/1PWhBQ3 ● Google HTTP/2 podcasts - http://bit.ly/1QgUrUP ● http://caniuse.com/#feat=http2 ● HTTP/2 is here, let’s optimize - http://bit.ly/20KJq5I

Editor's Notes

  1. When we refer to the Internet today, we’re actually talking about what Tim Berners-Lee referred to as the World Wide Web in 1989. It was not a formal thing with standards or specifications, it was just an idea for requesting and transferring ASCII documents over the newly created internet. Before this there was only email, FTP, and USENET boards. All of which were interactive by their nature. You had to request that someone send you a document. The World Wide Web project eventually also defined its own protocol in HTTP & was documented as HTTP 0.9 in 1991. At this time it was a very simple HTML document addressing & retrieval system. This would not be officially documented until 1996 as a sort of after the fact standard. The RFC document common practices in the wild amongst companies like Netscape and Microsoft. This was later revised and then revised again and again between 2007 & 2014 because the revisions and additions were written by several people using slightly different language. All of which combined to make the HTTP 1.1 standard somewhat ambiguous and difficult to implement leading to slightly different behaviours amongst implementers according to Mark Nottingham, chairman of the IETF HTTPBis working group.
  2. At the same time as Roy Fielding & Mark Nottingham were working on revising HTTP 1.1, Mike Belshe & Roberto Peon had come up with SPDY at Google. SPDY was meant to be a binary, low latency replacement for HTTP that maintained the HTTP semantics. Belshe & Peon worked on the Chrome and GFE teams at Google independently and started to implement this new protocol around 2009 as a proof of concept. There had been a similar attempt at a binary protocol with HTTPNG, but that never took off. According to an interview with Mark Nottingham, he met with Mike Belshe in 2012 & was so impressed with the concept & performance numbers that Google was seeing with SPDY that he scheduled a presentation at the next session of the HTTPBIS working group. They then decided to created a new version of the standard using SPDY as a starting point.
  3. The binary protocol differs from HTTP 1.1 in that information is transmitted in a fixed length binary package which we’ll go into later as opposed to plain text documents. I will not cover all of the features as most don’t directly affect developers, but you should be aware of all of tem.
  4. The new standard was worked on between 2013 and 2015. The original specification for SPDY had a few things that did not mesh well with all of the members of working group, such as a requirement for resolution over TLS only and that it didn’t take much into account non web uses of HTTP. The SPDY specification also used zlib for header compression and this was found to have a vulnerability a little over halfway through the process. The working group ended up with 2 RFCs, one to describe the new binary protocol and one to describe a new header compression mechanism. These were officially published & accepted by the IETF as proposed standards in May of 2015. By then there were already several implementations amongst client & server softwares of earlier drafts.
  5. The HTTP/2 documentation repo maintains a list of implementations which is by no means exhaustive. For example there are very few tools mentioned in the list, but a quick search reveals plugins for JMeter and other benchmarking tools. Also Cloudflare has released blog posts indicating that they’re also working on an implementation for their global netowrk. This is a sample of the implementations from that list plus the approximate version of when the software started to support HTTP/2. For some of these finding the version that started supporting HTTP2 was not simple.
  6. The majority of all browser vendors have implemented HTTP/2 fully as of the latest release with the exception of some deprecated mobile browsers such as Android Browser. For a detailed list of current browser implementations you can go to caniuse.com & search for HTTP/2 and then click the Show All toggle.
  7. You may be wondering what makes binary framing so special if TCP is already transmitted as binary packets. Binary framing borrows the same concept of a TCP packet in that it divides the content being transmitted into distinct units that contain metadata about the content in fixed length binary fields. Each frame contains an identifier that tells the receiver the request/response it belongs to and the type of payload it’s carrying. This is what really enables the majority of the features in the binary protocol. The content can be things like headers, request or response body chunks, other meta data. There are about 7 or 8 different content types. Now this also makes it easier for the receiver to parse the content. The receiver knows the length of the content and it knows what kind of content it’s looking at. With HTTP 1.1 the receiver gets an entire plain text message and the application has to guess at where things like headers end & the content begins, what whitespace is significant and what isn’t, etc. With a binary protocol, that’s all gone and the receiver can can parse the content of each frame much faster.
  8. So now that we have binary frames with identifiers we can also define streams to carry and associate all of the frames related to a single request / response messages. You can send settings frames to have a common contract between the client & server on how to deal with the stream. You can send a prioritization frame to let the receiver know which stream is more important or define dependencies.
  9. Application Layer Protocol Negotiation Transport Layer Security