HTTP/2 aims to address issues with HTTP/1.x such as head-of-line blocking and wasted bandwidth through duplicate requests. It uses a binary format for multiplexing requests, server push, header compression, stream prioritization and flow control. Major browsers now support HTTP/2 over TLS, though server implementations are still in development. While preserving the HTTP/1.1 API, HTTP/2 provides advantages like cheaper requests and more efficient use of network resources and server capacity.

1. HTTP/2 Introduction
By Walter Liu 2015/03/11

2. Agenda
 The problem of HTTP/1.x
 What’s HTTP/2?
 HTTP/2 Status

3. The problem of http/1.x

4. httparchive.org – TCP connections

5. httparchive.org –
#Domain & Max request

6. httparchive.org –
Size and Total requests

7. Negate TCP flow control
Unfair resource sharing
Duplicated data
- DNS lookup (domain sharding)
- TCP 3-way handshaking
- TCP network buffer
- HTTP request/respond header

8. HTTP pipeline ?
Head of line blocking

9. Work around for HTTP/1.1
 Spriting
 Data: inlining
 Domain sharding
 Concatenation

10. Workaround - Spriting

11. Workaround – data inlining
 <img
src="data:image/gif;base64,R0lGODlhEAAOALMAAOazToeHh0tLS/7LZv/
0jvb29t/f3//Ub//ge8WSLf/rhf/3kdbW1mxsbP//mf///yH5BAAAAAAALAAAA
AAQAA4AAARe8L1Ekyky67QZ1hLnjM5UUde0ECwLJoExKcppV0aCcGC
mTIHEIUEqjgaORCMxIC6e0CcguWw6aFjsVMkkIr7g77ZKPJjPZqIyd7sJA
gVGoEGv2xsBxqNgYPj/gAwXEQA7” width="16" height="14"
alt="embedded folder icon”>
 Good: No additional request.
 No additional connection
 No additional HTTP request/response header
 Bad:
 Base64 is larger.
 Resources are not sharable.

12. Workaround - Domain sharding
 Browser: WAS 2 TCP connection for each domain.
 New browsers use 6~8, mobile browsers use 4~6 TCP connections.
 Good
 Parallel content download
 Bad:
 More TCP connection, negate TCP flow control, etc.
 More Overhead and unfair resource sharing

13. Workaround - Concatenation
$ cat *.js > site_global.js
* Reduce number of requests
* Reuse cached resources

14. What’s HTTP/2?

15. Key differences with HTTP/1.x
 Binary format
 Multiplex
 Server push
 Header compression
 Stream Prioritization
 Flow Control

16. HTTP/2 binary format (1/2)

17. HTTP/2 binary format (2/2)
Frame Type: DATA, HEADERS, PRIORITY, RST_STREAM, SETTINGS,
PUSH_PROMISE, PING, GOAWAY, WINDOW_UPDATE, CONTINUATION
* begin with a fixed 9-octet header followed by a variable-length payload
Stream Identifier: incremental, client odd, server even. New connection if
exhausted.

18. Connection, Stream, Message and
Frame

19. HTTP/2 Multiplex

20. HTTP/2 Header Compression
• Send diff
• Binary
• Huffman code

21. HTTP/2 Stream Prioritization
 Advisory
 Example,
 Highest: main html
 High: css files
 Mid: Javascript files
 Low: images

22. HTTP/2 Flow Control
 Like SSH sliding window flow control
 With each individual stream or the entire connection.
 Receiver advise the window size, both client and server.
 Only DATA frame are flow controled.
 Hop-by-hop, not end-to-end
 in SETTTINGS frames.
 No algorithm in SPEC. Depends on implementers.

23. Frame Extensions
 Not in SPEC right now. F.Y.I.
 Alternative Services (ALTSVC frame)
 Advisory and OPTIONAL
 Alternative service could be multiple. A client chooses the most suitable one.
 Example,
 ("http", "www.example.com", "80") => ("h2", "new.example.com", "81"), <TTL>
 Not work like redirect. Origin URI is not changed.
 Security context is applied on origin URI.
 Like TLS certificates.
 Security.consideration?
 Must use TLS or strong server authentication if host is changed..
 (Study more about how browsers implement this.)
 BLOCKED frame
 For flow control experiment.

24. Connect or Upgrade to HTTP/2
1. Send request with Upgrade header
2. SETTINGS is bas64 encoded.
3. Server declines upgrade.
4. Server accepts and change to HTTP/2.
• New HTTPS connection via TLS and ALPN.
• New HTTP connection with prior knowledge
• New HTTP connection without prior knowledge (Upgrade)

25. Some Examples

26. HEADER and DATA frame

27. Server push (1)

28. Server push (2)

29. Server push (2)

30. Core concepts of HTTP/2
 Preserve HTTP/1.1 paradigms
 Change
 How data is framed.
 How data is transported.
 Advantages
 Same HTTP APIs
 Cheaper Requests
 Network-server friendliness
 Cache pushing
 Like, if the server foresees the client will need below data.
 Or invalidate client side cache.
 Be able to change your mind (Need to close connection in HTTP/1.x)
 Send RST_STREAM to the server to stop sending data of a request.
 More encryption
 Firefox and Chrom will only support HTTP/2 over TLS.
 No more text

31. HTTP/2 Status

32. HTTP/2 has approved by the IESG,
and is in the RFC Editor’s publication queue.

33. Implementations
 https://github.com/http2/http2-
spec/wiki/Implementations

34. Browsers
 Firefox
 Supported in Firefox 35
 TLS only
 Chrome
 Supported in Chrome 40
 TLS only
 Chrome will remove SPDY in early 2016.
 IE
 Also support HTTP/2 over TCP
 Supported in IE 11 running on Windows 10.
 Safari
 Not announced yet.

35. 5% of Google global traffic
On January 28th 2015

36. Server/CDN/Proxy/L4
 Nginx: End of 2015
 Apache: Not announced yet. (mod_h2?)
 IIS: Supported in Windows 10
 Akamai: Limited beta right now.
 Squid: Supported in 3.6 (Now stable version is 3.5)
 L4: unknown.

37. Tools
 Wireshark: Yes
 Fiddler: Not announced yet.
 CURL/libcurl
 Support both TLS and in-secure TCP
 URLLib in Python: Seems no
 Requests in Python: Seems no
 gRPC (http/2+ProtoBuff): RPC framework

38. References
 http://http2.github.io
 http://daniel.haxx.se/http2/
 http://www.slideshare.net/bagder/http2-right-now-fosdem2015
 http://www.slideshare.net/edburns/http2-comes-to-java-what-servlet-
40-means-to-you-devnexus-2015
 http://chimera.labs.oreilly.com/books/1230000000545/ch12.html

39. Q & A