Daniel Stenberg, profile picture
Uploaded byDaniel Stenberg
PDF, PPTX1,335 views

HTTP/3 for everyone

The document discusses QUIC, a new transport protocol developed by Google, which operates over UDP and aims to improve HTTP performance by eliminating head-of-line blocking and allowing for faster handshakes and encryption. It compares HTTP/1.1, HTTP/2, and HTTP/3, highlighting their differences and the advancements brought by HTTP/3 over QUIC. The presentation notes the challenges of implementing HTTP/3 and QUIC while emphasizing their long-term potential and the ongoing work in development and implementation across various platforms.

Embed presentation

Download as PDF, PPTX
DanielStenberg–FOSDEM-February1st ,2020 For everyone!
Daniel Stenberg @bagderhttps://daniel.haxx.se
Daniel Stenberg @bagder
Daniel Stenberg @bagder
HTTP 1 to 2 to 3HTTP 1 to 2 to 3 ProblemsProblems Why QUIC and how it worksWhy QUIC and how it works HTTP/3HTTP/3 ChallengesChallenges Coming soon?Coming soon? @bagder@bagder
Echo? I talked HTTP/3 at FOSDEM 2019 in the Mozilla devroom This is not just a rerun I promise @bagder@bagder
HTTP/1 HTTP/2 HTTP/3 @bagder@bagder
Under the hood GET / HTTP/1.1 Host: www.example.com Accept: */* User-Agent: HTTP-eats-the-world/2020 HTTP/1.1 200 OK Date: Thu, 09 Nov 2018 14:49:00 GMT Server: my-favorite v3 Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT Content-Length: 12345 Set-Cookie: this-is-simple=yeah-really; Content-Type: text/html [content] @bagder@bagder
HTTP began over TCP @bagder@bagder
TCPTCP TCP is transport over IP Establishes a “connection” 3-way handshake Resends lost packages A reliable byte stream Clear text @bagder@bagder
HTTPS means TCP + TLS + HTTP @bagder@bagder
@bagder@bagder Web pages over HTTPS in Firefox
@bagder@bagder Web pages over HTTPS in Chrome
TLSTLS TLS is done over TCP for HTTP/1 or 2 Transport Layer Security Additional handshake Privacy and security @bagder@bagder
Classic HTTPS stack IP TCP TLS HTTP @bagder@bagder
HTTP over TCP @bagder@bagder
HTTP/1.1HTTP/1.1 Shipped January 1997 Many parallel TCP connections Better but ineffective TCP use HTTP head-of-line-blocking Numerous work-arounds @bagder@bagder
HTTP/2HTTP/2 Shipped May 2015 Uses single connection per host Many parallel streams TCP head-of-line-blocking @bagder@bagder
OssificationOssification Internet is full of boxes Routers, gateways, firewalls, load balancers, NATs... Boxes run software to handle network data Middle-boxes work on existing protocols Upgrade much slower than edges @bagder@bagder
Internet WWW @bagder@bagder
Ossification casualties HTTP/2 in clear textHTTP/2 in clear text TCP improvements like TFOTCP improvements like TFO TCP/UDP replacementsTCP/UDP replacements HTTP brotliHTTP brotli Future innovationsFuture innovations …… unless encryptedunless encrypted @bagder@bagder
Improvement in spite of ossification @bagder@bagder
@bagder@bagder
@bagder@bagder QUIC is a name, not an acronym.
@bagder@bagder
A new transport protocol @bagder@bagder
Built on experiences by Google QUIC Google deployed “http2 frames over UDP”-QUIC in 2013Google deployed “http2 frames over UDP”-QUIC in 2013 Widely used clientWidely used client Widely used web servicesWidely used web services Proven to work at web scaleProven to work at web scale Taken to the IETF in 2015Taken to the IETF in 2015 QUIC working group started 2016QUIC working group started 2016 IETF QUIC is now very different than Google QUIC wasIETF QUIC is now very different than Google QUIC was @bagder@bagder
Improvements TCP head of line blockingTCP head of line blocking Faster handshakesFaster handshakes Earlier dataEarlier data Connection-IDConnection-ID More encryption, alwaysMore encryption, always Future developmentFuture development @bagder@bagder
Build on top of UDP TCP and UDP remain “the ones”TCP and UDP remain “the ones” Use UDP instead of IPUse UDP instead of IP Reliable transport protocol - inReliable transport protocol - in user-spaceuser-space A little like TCP + TLSA little like TCP + TLS @bagder@bagder
UDP isn’t reliable, QUIC is UDP Connectionless No resends No flow control No ordering @bagder@bagder QUIC Uses UDP like TCP uses IP Adds connections Reliability Flow control Security
QUIC has streamsQUIC has streams Many logical flows within a single connectionMany logical flows within a single connection Similar to HTTP/2 but in the transport layerSimilar to HTTP/2 but in the transport layer Client or server initiatedClient or server initiated Bidirectional or unidirectionalBidirectional or unidirectional IndependentIndependent streamsstreams @bagder@bagder
Independent streamsIndependent streams TCPTCP QUICQUIC @bagder@bagder
Application protocols over QUICApplication protocols over QUIC Streams for free Could be “any protocol” HTTP worked on as the first Others are planned to follow @bagder@bagder
HTTP/3 = HTTP over QUIC @bagder@bagder
HTTP – same but different RequestRequest - method + path- method + path - headers- headers - body- body ResponseResponse - response code- response code - headers- headers - body- body @bagder@bagder
HTTP – same but different HTTP/1 – in ASCII over TCP HTTP/2 – binary multiplexed over TCP HTTP/3 – binary over multiplexed QUIC @bagder@bagder
HTTPS stacks: old vs new TCP TLS HTTP/2 UDP HTTP/3 QUIC TLS 1.3 IP HTTP/1 @bagder@bagder streams
HTTP feature comparison @bagder@bagder HTTP/2 HTTP/3 Transport TCP QUIC Streams HTTP/2 QUIC Clear-text version Yes No Independent streams No Yes Header compression HPACK QPACK Server push Yes Yes Early data In theory Yes 0-RTT Handshake No Yes Prioritization Messy Changes
“The ultimate guide to HTTP resource prioritization” Who: Robin Marx Where: Web Performance devroom (H.1309) When: 17:00 (today, Saturday) @bagder@bagder (I bet it is already too late to get a seat in that room, so relax and watch the video after the fact instead.)
HTTP/3 is fasterHTTP/3 is faster Faster handshakes Early data that works The independent streams By how much remains to be measured! @bagder@bagder (Thanks to QUIC)(Thanks to QUIC)
HTTPS:// is TCP? HTTPS:// URLs are everywhereHTTPS:// URLs are everywhere TCP (and TLS) on TCP port 443TCP (and TLS) on TCP port 443 @bagder@bagder
This service - over there! The Alt-Svc: response header Another host, protocol or port number is the same “origin” This site also runs on HTTP/3 “over there”, for the next NNNN seconds @bagder@bagder
Race connections? Might be faster Probably needed anyway QUIC connections verify the cert HTTPSSVC – alt-svc: done in DNS @bagder@bagder
Will HTTP/3 deliver? @bagder@bagder
UDP challenges 3-7% of QUIC attempts fail Clients need fall back algorithms QUIC looks like a DDOS attack @bagder@bagder
CPU hog 2-3 times the CPU use Unoptimized UDP stacks Non-ideal UDP APIs Missing hardware offload @bagder@bagder
The TLS situation (1/2) TLS was made for TCP TLS is sent over TCP as records containing individual messages QUIC uses TLS messages No TLS library support(ed) TLS messages QUIC also needs additional secrets @bagder@bagder
The TLS situation (2/2) @bagder@bagder Frame 0 Message 0 Message 1 Frame 1 Message 2 Message 3TCPTCP Message 0 Message 1 Message 2 Message 3 QUICQUIC
Userland All QUIC stacks are user-land No standard QUIC API Will it be moved to kernels? @bagder@bagder
Tooling Lack of tooling Hooray for qlog & qvis @bagder@bagder
Ship date @bagder@bagder 2020?
Implementations Over a dozen QUIC and HTTP/3 implementations Google, Mozilla, Apple, Facebook, Microsoft, Akamai, Fastly, Cloudflare, F5, LiteSpeed, Apache, and more C, C++, Go, Rust, Python, Java, TypeScript, Erlang Monthly interops @bagder@bagder
Implementation Status curl Chrome and Edge Canary, Firefox Nightly Caddy and LiteSpeed nginx-patch + quiche Wireshark @bagder@bagder No Safari No Apache httpd, IIS or official nginx OpenSSL PR #8797
Browsers: bleeding edge h3 @bagder@bagder --enable-quic --quic-version=h3-24 about:config network.http.http3.enabled
in ExperimentalExperimental h3-25 works! Alt-svcAlt-svc support is there Based on ngtcp2ngtcp2 and FallbackFallback is tricky @bagder@bagder Try it! Try it!
$ curl --http3 --head https://example.com/ HTTP/3 200 date: Wed, 09 Oct 2019 11:16:06 GMT content-type: text/html content-length: 10602 set-cookie: crazy=d8bc7e7; expires=Thu, 08-Oct-22 11:16:06 GMT; path=/; domain=example.com; alt-svc: h3-24=":443"; ma=86400 @bagder@bagder curl HTTP/3 command line
Specifications Ship curl HTTP/3-enabled?Ship curl HTTP/3-enabled? Deployed servers Browser support libcurl TLS libraries QUIC and HTTP/3 libraries @bagder@bagder
HTTP/3 will take timeHTTP/3 will take time HTTP/3 will grow slowerHTTP/3 will grow slower Some will stick to HTTP/2Some will stick to HTTP/2 QUIC is for the long termQUIC is for the long term @bagder@bagder
FutureFuture MultipathMultipath Forward error correctionForward error correction Unreliable streamsUnreliable streams More application protocolsMore application protocols @bagder@bagder Partial reliabilityPartial reliability
Wait a minute, what about... @bagder@bagder
Websockets? Not actually a part of HTTP(/3) RFC 8441 took a long time for HTTP/2 Can probably be updated for HTTP/3 draft-vvv-webtransport-http3-01 Still in progress @bagder@bagder
Take-aways HTTP/3 is comingHTTP/3 is coming HTTP/3 is always encryptedHTTP/3 is always encrypted Similar to HTTP/2 but over QUICSimilar to HTTP/2 but over QUIC QUIC is transport over UDPQUIC is transport over UDP Challenges to overcomeChallenges to overcome Mid 2020?Mid 2020? @bagder@bagder
HTTP/3 Explained https://daniel.haxx.se/http3-explained @bagder@bagder
Daniel Stenberg @bagder https://daniel.haxx.se/ Thank you!Thank you! Questions?Questions? @bagder@bagder
License This presentation is provided under the Creative Commons Attribution 4.0 International Public License @bagder@bagder
Links to data and more info QUIC drafts: https://quicwg.github.io/ DATAGRAM: https://tools.ietf.org/html/draft-pauly-quic-datagram-05 QUIC multipath: https://tools.ietf.org/html/draft-deconinck-quic-multipath-03 HTTPS stats Firefox: https://letsencrypt.org/stats/#percent-pageloads HTTPS stats Chrome: https://transparencyreport.google.com/https/overview?hl=en Web Transport: https://tools.ietf.org/html/draft-vvv-webtransport-http3-01 Images: http://www.simonstalenhag.se/ and https://pixabay.com/ HTTP/3 Explained: https://http3-explained.haxx.se/ QUIC implementations: https://github.com/quicwg/base-drafts/wiki/Implementations Nginx + quiche: https://github.com/cloudflare/quiche/tree/master/extras/nginx HTTPSSVC: https://tools.ietf.org/html/draft-ietf-dnsop-svcb-httpssvc-01 qlog: https://github.com/quiclog/internet-drafts qvis: https://qvis.edm.uhasselt.be Build curl with HTTP/3: https://github.com/curl/curl/blob/master/docs/HTTP3.md @bagder@bagder

More Related Content

PDF
HTTP/2 standard for video streaming
byHung Thai Le
 
PDF
HTTP/3
byDaniel Stenberg
 
PPTX
Understanding of MQTT for IoT Projects
byCumulations Technologies
 
PDF
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
byCory Forsyth
 
PPTX
HTTP2 and gRPC
byGuo Jing
 
PDF
netfilter and iptables
byKernel TLV
 
PDF
VLAN on mikrotik
byAchmad Mardiansyah
 
PPTX
Message queuing telemetry transport (mqtt) message format
byHamdamboy (함담보이)
 
HTTP/2 standard for video streaming
byHung Thai Le
 
HTTP/3
byDaniel Stenberg
 
Understanding of MQTT for IoT Projects
byCumulations Technologies
 
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
byCory Forsyth
 
HTTP2 and gRPC
byGuo Jing
 
netfilter and iptables
byKernel TLV
 
VLAN on mikrotik
byAchmad Mardiansyah
 
Message queuing telemetry transport (mqtt) message format
byHamdamboy (함담보이)
 

What's hot

PDF
BGP on RouterOS7 -Part 1
byGLC Networks
 
PDF
MUM Melbourne : Build Enterprise Wireless with CAPsMAN
byGLC Networks
 
PDF
Using mikrotik with radius
byAchmad Mardiansyah
 
PDF
Transition ipv4-ipv6
byArrow Djibio
 
PPTX
HyperText Transfer Protocol (HTTP)
byGurjot Singh
 
PDF
TFTP - Trivial File Transfer Protocol
byPeter R. Egli
 
PPTX
IPv6
bymedalaa
 
PPTX
DHCP Snooping
byNetProtocol Xpert
 
PDF
Socket Programming In Python
bydidip
 
PDF
BIRD Routing Daemon
byAPNIC
 
PDF
Mikrotik the dude
byAchmad Mardiansyah
 
PDF
Introduction to WebSockets
byGunnar Hillert
 
PDF
Mikrotik Hotspot
byGLC Networks
 
PDF
Policy Based Routing (PBR) on Mikrotik
byGLC Networks
 
PDF
MPLS Concepts and Fundamentals
byShawn Zandi
 
PDF
Wireshark udp solution
byYasin Abdullah
 
PPTX
Introduction to WebRTC
byArt Matsak
 
PDF
Configure DHCP Server and DHCP-Relay
byTola LENG
 
KEY
ZeroMQ
byStoyan Zhekov
 
PDF
Gitlab Training with GIT and SourceTree
byTeerapat Khunpech
 
BGP on RouterOS7 -Part 1
byGLC Networks
 
MUM Melbourne : Build Enterprise Wireless with CAPsMAN
byGLC Networks
 
Using mikrotik with radius
byAchmad Mardiansyah
 
Transition ipv4-ipv6
byArrow Djibio
 
HyperText Transfer Protocol (HTTP)
byGurjot Singh
 
TFTP - Trivial File Transfer Protocol
byPeter R. Egli
 
IPv6
bymedalaa
 
DHCP Snooping
byNetProtocol Xpert
 
Socket Programming In Python
bydidip
 
BIRD Routing Daemon
byAPNIC
 
Mikrotik the dude
byAchmad Mardiansyah
 
Introduction to WebSockets
byGunnar Hillert
 
Mikrotik Hotspot
byGLC Networks
 
Policy Based Routing (PBR) on Mikrotik
byGLC Networks
 
MPLS Concepts and Fundamentals
byShawn Zandi
 
Wireshark udp solution
byYasin Abdullah
 
Introduction to WebRTC
byArt Matsak
 
Configure DHCP Server and DHCP-Relay
byTola LENG
 
ZeroMQ
byStoyan Zhekov
 
Gitlab Training with GIT and SourceTree
byTeerapat Khunpech
 

Similar to HTTP/3 for everyone

PDF
HTTP/3 is next generation HTTP
byDaniel Stenberg
 
PDF
HTTP/3 over QUIC. All is new but still the same!
byDaniel Stenberg
 
PDF
Http3 fullstackfest-2019
byDaniel Stenberg
 
PDF
HTTP/3, QUIC and streaming
byDaniel Stenberg
 
PDF
http3-quic-streaming-2020-200121234036.pdf
byJunZhao68
 
PDF
HTTP/3 in curl 2020
byDaniel Stenberg
 
PDF
HTTP/3 in curl
byDaniel Stenberg
 
PDF
HTTP/3 in curl - curl up 2022
byDaniel Stenberg
 
PDF
HTTP/3 an early overview
byPraveen Kottarathil
 
PDF
PAC 2019 virtual Scott Moore
byNeotys
 
PDF
Web Performance Optimization with HTTP/3
bySangJin Kang
 
PDF
A New Internet? Introduction to HTTP/2, QUIC and DOH
byAPNIC
 
PDF
A new Internet? Intro to HTTP/2, QUIC, DoH and DNS over QUIC
byAPNIC
 
PDF
HTTP/3 where are we now? State of the art in our servers.
byJean-Frederic Clere
 
PDF
HTTP/2 and QUICK protocols. Optimizing the Web stack for HTTP/2 era
bypeychevi
 
PPTX
HTTP 3.pptx
byDavidEzekiel14
 
PDF
Solving HTTP Problems with Code and Protocols
byC4Media
 
PDF
So that was HTTP/2, what's next?
byDaniel Stenberg
 
PDF
Http2
byDaniel Stenberg
 
PPTX
Next generation web protocols
byDaniel Austin
 
HTTP/3 is next generation HTTP
byDaniel Stenberg
 
HTTP/3 over QUIC. All is new but still the same!
byDaniel Stenberg
 
Http3 fullstackfest-2019
byDaniel Stenberg
 
HTTP/3, QUIC and streaming
byDaniel Stenberg
 
http3-quic-streaming-2020-200121234036.pdf
byJunZhao68
 
HTTP/3 in curl 2020
byDaniel Stenberg
 
HTTP/3 in curl
byDaniel Stenberg
 
HTTP/3 in curl - curl up 2022
byDaniel Stenberg
 
HTTP/3 an early overview
byPraveen Kottarathil
 
PAC 2019 virtual Scott Moore
byNeotys
 
Web Performance Optimization with HTTP/3
bySangJin Kang
 
A New Internet? Introduction to HTTP/2, QUIC and DOH
byAPNIC
 
A new Internet? Intro to HTTP/2, QUIC, DoH and DNS over QUIC
byAPNIC
 
HTTP/3 where are we now? State of the art in our servers.
byJean-Frederic Clere
 
HTTP/2 and QUICK protocols. Optimizing the Web stack for HTTP/2 era
bypeychevi
 
HTTP 3.pptx
byDavidEzekiel14
 
Solving HTTP Problems with Code and Protocols
byC4Media
 
So that was HTTP/2, what's next?
byDaniel Stenberg
 
Http2
byDaniel Stenberg
 
Next generation web protocols
byDaniel Austin
 

More from Daniel Stenberg

PDF
AI slop attacks on the curl project - Daniel Stenberg
byDaniel Stenberg
 
PDF
giants, standing on the shoulders of - by Daniel Stenberg
byDaniel Stenberg
 
PDF
What comes after world domination with Daniel Stenberg, April 2025
byDaniel Stenberg
 
PDF
digital infrastruktur är open source-1.pdf
byDaniel Stenberg
 
PDF
Tightening every bolt at FOSDEM 2025 by Daniel Stenberg
byDaniel Stenberg
 
PDF
curl security by Daniel Stenberg from curl up 2024
byDaniel Stenberg
 
PDF
rust in curl by Daniel Stenberg from- curl up 2024
byDaniel Stenberg
 
PDF
trurl 2024 by Daniel Stenberg from curl up 2024
byDaniel Stenberg
 
PDF
curl future 2024 by Daniel Stenberg from curl up 2024
byDaniel Stenberg
 
PDF
The state of curl 2024 by Daniel Stenberg from curl up 2024
byDaniel Stenberg
 
PDF
mastering libcurl part 2
byDaniel Stenberg
 
PDF
mastering libcurl part 1
byDaniel Stenberg
 
PDF
curl - openfourm europe.pdf
byDaniel Stenberg
 
PDF
curl experiments - curl up 2022
byDaniel Stenberg
 
PDF
curl security - curl up 2022
byDaniel Stenberg
 
PDF
The state of curl 2022
byDaniel Stenberg
 
PDF
Let me tell you about curl
byDaniel Stenberg
 
PDF
Curl with rust
byDaniel Stenberg
 
PDF
Getting started with libcurl
byDaniel Stenberg
 
PDF
Landing code in curl
byDaniel Stenberg
 
AI slop attacks on the curl project - Daniel Stenberg
byDaniel Stenberg
 
giants, standing on the shoulders of - by Daniel Stenberg
byDaniel Stenberg
 
What comes after world domination with Daniel Stenberg, April 2025
byDaniel Stenberg
 
digital infrastruktur är open source-1.pdf
byDaniel Stenberg
 
Tightening every bolt at FOSDEM 2025 by Daniel Stenberg
byDaniel Stenberg
 
curl security by Daniel Stenberg from curl up 2024
byDaniel Stenberg
 
rust in curl by Daniel Stenberg from- curl up 2024
byDaniel Stenberg
 
trurl 2024 by Daniel Stenberg from curl up 2024
byDaniel Stenberg
 
curl future 2024 by Daniel Stenberg from curl up 2024
byDaniel Stenberg
 
The state of curl 2024 by Daniel Stenberg from curl up 2024
byDaniel Stenberg
 
mastering libcurl part 2
byDaniel Stenberg
 
mastering libcurl part 1
byDaniel Stenberg
 
curl - openfourm europe.pdf
byDaniel Stenberg
 
curl experiments - curl up 2022
byDaniel Stenberg
 
curl security - curl up 2022
byDaniel Stenberg
 
The state of curl 2022
byDaniel Stenberg
 
Let me tell you about curl
byDaniel Stenberg
 
Curl with rust
byDaniel Stenberg
 
Getting started with libcurl
byDaniel Stenberg
 
Landing code in curl
byDaniel Stenberg
 

Recently uploaded

PDF
Real-Time AI at Scale Masterclass - Challenges of AI at Scale
byScyllaDB
 
PDF
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
PDF
Peculiar Findings Around CEX Activity and ETH Price
bytobbymnbvcxz
 
PDF
TrustArc Webinar - From Zero to Privacy Hero: Launching Your Program Right an...
byTrustArc
 
PDF
"When every team does things "right", but together it turns into chaos", Yozh...
byFwdays
 
PDF
Quick Learn Laravel for Beginner from Zero to Survive
byiDev Semarang
 
PDF
React Mastery: Visual Mental Models to Understand React Deeply
byThomas Gaye
 
PDF
Why AI Girlfriends Are the Future of Digital Companionship
byAi Angels
 
PDF
"Painless Major Upgrade: A Strategy for Updating Large Codebases", Andrii Yat...
byFwdays
 
PDF
AI-Powered Alert Analysis with ClickHouse - DB Mastery Jan'26
byAlkin Tezuysal
 
PDF
Chapter 3 Cryptography and encryption techniques.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
Build Next-Gen Spatial & Sensor Workflows: Secure, Scalable Processing in Sno...
bySafe Software
 
PDF
Certified AI-Native Foundations Professional.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
PDF
Parental Control App for Phones_ The Complete 2026 Guide for Safer, Smarter P...
byRyan Cooper
 
PDF
Transcript: What Thema can do: Leveraging metadata to support the discoverabi...
byBookNet Canada
 
PPTX
Jisc Equipment Data Service Update Workshop 3 December 2025
byJisc
 
PDF
Pneumatic Pressure Pump PPP01 for Calibration & Testing
bySERRAX TECHNOLOGIES LLP
 
PDF
Transcript: EU regulations for the North American book supply chain - Tech Fo...
byBookNet Canada
 
PDF
Dev Dives: Build and deploy agentic automations - the unified way
byUiPathCommunity
 
PDF
Adapt.com Seed Fundraising Deck | The AI Computer for Business
byashley459565
 
Real-Time AI at Scale Masterclass - Challenges of AI at Scale
byScyllaDB
 
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
Peculiar Findings Around CEX Activity and ETH Price
bytobbymnbvcxz
 
TrustArc Webinar - From Zero to Privacy Hero: Launching Your Program Right an...
byTrustArc
 
"When every team does things "right", but together it turns into chaos", Yozh...
byFwdays
 
Quick Learn Laravel for Beginner from Zero to Survive
byiDev Semarang
 
React Mastery: Visual Mental Models to Understand React Deeply
byThomas Gaye
 
Why AI Girlfriends Are the Future of Digital Companionship
byAi Angels
 
"Painless Major Upgrade: A Strategy for Updating Large Codebases", Andrii Yat...
byFwdays
 
AI-Powered Alert Analysis with ClickHouse - DB Mastery Jan'26
byAlkin Tezuysal
 
Chapter 3 Cryptography and encryption techniques.pdf
byGetnet Tigabie Askale -(GM)
 
Build Next-Gen Spatial & Sensor Workflows: Secure, Scalable Processing in Sno...
bySafe Software
 
Certified AI-Native Foundations Professional.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
Parental Control App for Phones_ The Complete 2026 Guide for Safer, Smarter P...
byRyan Cooper
 
Transcript: What Thema can do: Leveraging metadata to support the discoverabi...
byBookNet Canada
 
Jisc Equipment Data Service Update Workshop 3 December 2025
byJisc
 
Pneumatic Pressure Pump PPP01 for Calibration & Testing
bySERRAX TECHNOLOGIES LLP
 
Transcript: EU regulations for the North American book supply chain - Tech Fo...
byBookNet Canada
 
Dev Dives: Build and deploy agentic automations - the unified way
byUiPathCommunity
 
Adapt.com Seed Fundraising Deck | The AI Computer for Business
byashley459565
 

HTTP/3 for everyone

  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
    HTTP 1 to2 to 3HTTP 1 to 2 to 3 ProblemsProblems Why QUIC and how it worksWhy QUIC and how it works HTTP/3HTTP/3 ChallengesChallenges Coming soon?Coming soon? @bagder@bagder
  • 6.
    Echo? I talked HTTP/3at FOSDEM 2019 in the Mozilla devroom This is not just a rerun I promise @bagder@bagder
  • 7.
  • 8.
    Under the hood GET/ HTTP/1.1 Host: www.example.com Accept: */* User-Agent: HTTP-eats-the-world/2020 HTTP/1.1 200 OK Date: Thu, 09 Nov 2018 14:49:00 GMT Server: my-favorite v3 Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT Content-Length: 12345 Set-Cookie: this-is-simple=yeah-really; Content-Type: text/html [content] @bagder@bagder
  • 9.
    HTTP began overTCP @bagder@bagder
  • 10.
    TCPTCP TCP is transportover IP Establishes a “connection” 3-way handshake Resends lost packages A reliable byte stream Clear text @bagder@bagder
  • 11.
    HTTPS means TCP+ TLS + HTTP @bagder@bagder
  • 12.
  • 13.
  • 14.
    TLSTLS TLS is doneover TCP for HTTP/1 or 2 Transport Layer Security Additional handshake Privacy and security @bagder@bagder
  • 15.
  • 16.
  • 17.
    HTTP/1.1HTTP/1.1 Shipped January 1997 Manyparallel TCP connections Better but ineffective TCP use HTTP head-of-line-blocking Numerous work-arounds @bagder@bagder
  • 18.
    HTTP/2HTTP/2 Shipped May 2015 Usessingle connection per host Many parallel streams TCP head-of-line-blocking @bagder@bagder
  • 19.
    OssificationOssification Internet is fullof boxes Routers, gateways, firewalls, load balancers, NATs... Boxes run software to handle network data Middle-boxes work on existing protocols Upgrade much slower than edges @bagder@bagder
  • 20.
  • 21.
    Ossification casualties HTTP/2 inclear textHTTP/2 in clear text TCP improvements like TFOTCP improvements like TFO TCP/UDP replacementsTCP/UDP replacements HTTP brotliHTTP brotli Future innovationsFuture innovations …… unless encryptedunless encrypted @bagder@bagder
  • 22.
    Improvement in spiteof ossification @bagder@bagder
  • 23.
  • 24.
    @bagder@bagder QUIC is aname, not an acronym.
  • 25.
  • 26.
    A new transportprotocol @bagder@bagder
  • 27.
    Built on experiencesby Google QUIC Google deployed “http2 frames over UDP”-QUIC in 2013Google deployed “http2 frames over UDP”-QUIC in 2013 Widely used clientWidely used client Widely used web servicesWidely used web services Proven to work at web scaleProven to work at web scale Taken to the IETF in 2015Taken to the IETF in 2015 QUIC working group started 2016QUIC working group started 2016 IETF QUIC is now very different than Google QUIC wasIETF QUIC is now very different than Google QUIC was @bagder@bagder
  • 28.
    Improvements TCP head ofline blockingTCP head of line blocking Faster handshakesFaster handshakes Earlier dataEarlier data Connection-IDConnection-ID More encryption, alwaysMore encryption, always Future developmentFuture development @bagder@bagder
  • 29.
    Build on topof UDP TCP and UDP remain “the ones”TCP and UDP remain “the ones” Use UDP instead of IPUse UDP instead of IP Reliable transport protocol - inReliable transport protocol - in user-spaceuser-space A little like TCP + TLSA little like TCP + TLS @bagder@bagder
  • 30.
    UDP isn’t reliable,QUIC is UDP Connectionless No resends No flow control No ordering @bagder@bagder QUIC Uses UDP like TCP uses IP Adds connections Reliability Flow control Security
  • 31.
    QUIC has streamsQUIChas streams Many logical flows within a single connectionMany logical flows within a single connection Similar to HTTP/2 but in the transport layerSimilar to HTTP/2 but in the transport layer Client or server initiatedClient or server initiated Bidirectional or unidirectionalBidirectional or unidirectional IndependentIndependent streamsstreams @bagder@bagder
  • 32.
  • 33.
    Application protocols overQUICApplication protocols over QUIC Streams for free Could be “any protocol” HTTP worked on as the first Others are planned to follow @bagder@bagder
  • 34.
    HTTP/3 = HTTPover QUIC @bagder@bagder
  • 35.
    HTTP – samebut different RequestRequest - method + path- method + path - headers- headers - body- body ResponseResponse - response code- response code - headers- headers - body- body @bagder@bagder
  • 36.
    HTTP – samebut different HTTP/1 – in ASCII over TCP HTTP/2 – binary multiplexed over TCP HTTP/3 – binary over multiplexed QUIC @bagder@bagder
  • 37.
    HTTPS stacks: oldvs new TCP TLS HTTP/2 UDP HTTP/3 QUIC TLS 1.3 IP HTTP/1 @bagder@bagder streams
  • 38.
    HTTP feature comparison @bagder@bagder HTTP/2HTTP/3 Transport TCP QUIC Streams HTTP/2 QUIC Clear-text version Yes No Independent streams No Yes Header compression HPACK QPACK Server push Yes Yes Early data In theory Yes 0-RTT Handshake No Yes Prioritization Messy Changes
  • 39.
    “The ultimate guideto HTTP resource prioritization” Who: Robin Marx Where: Web Performance devroom (H.1309) When: 17:00 (today, Saturday) @bagder@bagder (I bet it is already too late to get a seat in that room, so relax and watch the video after the fact instead.)
  • 40.
    HTTP/3 is fasterHTTP/3is faster Faster handshakes Early data that works The independent streams By how much remains to be measured! @bagder@bagder (Thanks to QUIC)(Thanks to QUIC)
  • 41.
    HTTPS:// is TCP? HTTPS://URLs are everywhereHTTPS:// URLs are everywhere TCP (and TLS) on TCP port 443TCP (and TLS) on TCP port 443 @bagder@bagder
  • 42.
    This service -over there! The Alt-Svc: response header Another host, protocol or port number is the same “origin” This site also runs on HTTP/3 “over there”, for the next NNNN seconds @bagder@bagder
  • 43.
    Race connections? Might befaster Probably needed anyway QUIC connections verify the cert HTTPSSVC – alt-svc: done in DNS @bagder@bagder
  • 44.
  • 45.
    UDP challenges 3-7% ofQUIC attempts fail Clients need fall back algorithms QUIC looks like a DDOS attack @bagder@bagder
  • 46.
    CPU hog 2-3 timesthe CPU use Unoptimized UDP stacks Non-ideal UDP APIs Missing hardware offload @bagder@bagder
  • 47.
    The TLS situation(1/2) TLS was made for TCP TLS is sent over TCP as records containing individual messages QUIC uses TLS messages No TLS library support(ed) TLS messages QUIC also needs additional secrets @bagder@bagder
  • 48.
    The TLS situation(2/2) @bagder@bagder Frame 0 Message 0 Message 1 Frame 1 Message 2 Message 3TCPTCP Message 0 Message 1 Message 2 Message 3 QUICQUIC
  • 49.
    Userland All QUIC stacksare user-land No standard QUIC API Will it be moved to kernels? @bagder@bagder
  • 50.
    Tooling Lack of tooling Hoorayfor qlog & qvis @bagder@bagder
  • 51.
  • 52.
    Implementations Over a dozenQUIC and HTTP/3 implementations Google, Mozilla, Apple, Facebook, Microsoft, Akamai, Fastly, Cloudflare, F5, LiteSpeed, Apache, and more C, C++, Go, Rust, Python, Java, TypeScript, Erlang Monthly interops @bagder@bagder
  • 53.
    Implementation Status curl Chrome andEdge Canary, Firefox Nightly Caddy and LiteSpeed nginx-patch + quiche Wireshark @bagder@bagder No Safari No Apache httpd, IIS or official nginx OpenSSL PR #8797
  • 54.
    Browsers: bleeding edgeh3 @bagder@bagder --enable-quic --quic-version=h3-24 about:config network.http.http3.enabled
  • 55.
    in ExperimentalExperimental h3-25 works! Alt-svcAlt-svcsupport is there Based on ngtcp2ngtcp2 and FallbackFallback is tricky @bagder@bagder Try it! Try it!
  • 56.
    $ curl --http3--head https://example.com/ HTTP/3 200 date: Wed, 09 Oct 2019 11:16:06 GMT content-type: text/html content-length: 10602 set-cookie: crazy=d8bc7e7; expires=Thu, 08-Oct-22 11:16:06 GMT; path=/; domain=example.com; alt-svc: h3-24=":443"; ma=86400 @bagder@bagder curl HTTP/3 command line
  • 57.
    Specifications Ship curl HTTP/3-enabled?Shipcurl HTTP/3-enabled? Deployed servers Browser support libcurl TLS libraries QUIC and HTTP/3 libraries @bagder@bagder
  • 58.
    HTTP/3 will taketimeHTTP/3 will take time HTTP/3 will grow slowerHTTP/3 will grow slower Some will stick to HTTP/2Some will stick to HTTP/2 QUIC is for the long termQUIC is for the long term @bagder@bagder
  • 59.
    FutureFuture MultipathMultipath Forward error correctionForwarderror correction Unreliable streamsUnreliable streams More application protocolsMore application protocols @bagder@bagder Partial reliabilityPartial reliability
  • 60.
    Wait a minute,what about... @bagder@bagder
  • 61.
    Websockets? Not actually apart of HTTP(/3) RFC 8441 took a long time for HTTP/2 Can probably be updated for HTTP/3 draft-vvv-webtransport-http3-01 Still in progress @bagder@bagder
  • 62.
    Take-aways HTTP/3 is comingHTTP/3is coming HTTP/3 is always encryptedHTTP/3 is always encrypted Similar to HTTP/2 but over QUICSimilar to HTTP/2 but over QUIC QUIC is transport over UDPQUIC is transport over UDP Challenges to overcomeChallenges to overcome Mid 2020?Mid 2020? @bagder@bagder
  • 63.
  • 64.
  • 65.
    License This presentation isprovided under the Creative Commons Attribution 4.0 International Public License @bagder@bagder
  • 66.
    Links to dataand more info QUIC drafts: https://quicwg.github.io/ DATAGRAM: https://tools.ietf.org/html/draft-pauly-quic-datagram-05 QUIC multipath: https://tools.ietf.org/html/draft-deconinck-quic-multipath-03 HTTPS stats Firefox: https://letsencrypt.org/stats/#percent-pageloads HTTPS stats Chrome: https://transparencyreport.google.com/https/overview?hl=en Web Transport: https://tools.ietf.org/html/draft-vvv-webtransport-http3-01 Images: http://www.simonstalenhag.se/ and https://pixabay.com/ HTTP/3 Explained: https://http3-explained.haxx.se/ QUIC implementations: https://github.com/quicwg/base-drafts/wiki/Implementations Nginx + quiche: https://github.com/cloudflare/quiche/tree/master/extras/nginx HTTPSSVC: https://tools.ietf.org/html/draft-ietf-dnsop-svcb-httpssvc-01 qlog: https://github.com/quiclog/internet-drafts qvis: https://qvis.edm.uhasselt.be Build curl with HTTP/3: https://github.com/curl/curl/blob/master/docs/HTTP3.md @bagder@bagder