Recent Advances in HTTP, controlling them using ruby
1. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
DeNA Co., Ltd.
Kazuho Oku
Who am I
lead developer of H2O HTTP/2 server
⁃ one of the most sophisticated HTTP/2 impl.
⁃ initial public release: 2014/10 (license: MITL)
⁃ used by Fastly, etc.
author of Cache-Digests Internet Draft
⁃ considered as an essential work for HTTP/2 push
works at DeNA Co., Ltd.
also developer of: Q4M, Starlet, pisojson, ...
Current State of HTTP
Why use HTTP/2?
latency has become the bottleneck of the Web
HTTP/2 to conceal latency by raising concurrency
⁃ 6 concurrent requests in HTTP/1
⁃ ~100 in HTTP/2
Current state of HTTP
HTTP/2 (RFC 7540) released in May 2015
1: https://github.com/HTTPWorkshop/workshop2016/blob/master/talks/http2-review-data.pdf
[Figure: # of transactions by Firefox [1], 2015/7 vs. 2016/7, on a 0% to 100% axis; series: HTTP, HTTPS (H1), HTTPS (H2); data labels as extracted: 45, 28, 37, 41, 18, 31]
Key features of HTTP/2
header compression (HPACK)
multiplexing & prioritization
push
Header compression
working well
according to Mozilla [1]:
⁃ median – 90% reduction
⁃ 80th percentile – 75% reduction
⁃ 90th – 10% reduction
Multiplexing & prioritization
HTTP/2 multiplexes responses into one TCP conn.
⁃ client gives hint for prioritization
⁃ server uses the hint to schedule the responses
but some client-server pairs don’t do it right
Push
positive reports:
⁃ “20-30% speedup on page render time” [2]
negative comments:
⁃ many unnecessary pushes (47% are reset [2])
⁃ increased render time in anti-patterns [3]
⁃ “consider preload instead of push” [3]
push from edge
⁃ how?
2: https://github.com/HTTPWorkshop/workshop2016/blob/master/talks/server-push.pdf
3: https://docs.google.com/document/d/1K0NykTXBbbbTlv60t5MyJvXjqKGsCVNYHyLEXIxYMv0/edit
Fixes?
Flow of an ideal HTTP transaction
respond to high-priority requests immediately
send resources in right order
⁃ first send CSS/JS
⁃ then send the HTML
⁃ then send the images
push only the resources not cached by the client
[Figure: client/server timeline, 1 RTT]
The reality
respond to high-priority requests immediately
⁃ blocked by unsent data in TCP
send resources in right order
⁃ some browsers don’t specify priority, some servers fail to respect priority
⁃ issues caused by hidden resources
push only the resources not cached by the client
⁃ how?
[Figure: client/server timeline, 1 RTT]
TCP head-of-line blocking
head-of-line (HoL) blocking:
⁃ high-priority data blocked by preceding data in flight
TCP HoL blocking:
⁃ data in TCP send buffer blocks following data of higher priority
TCP head-of-line blocking
typical H2 server writes much more than can be sent immediately
⁃ unsent data in TCP send buffer (and TLS buffer) HoL-blocks following data
[Figure: TLS buf. and TCP send buffer diagram with labels CWND, unacked, poll threshold, TLS Records, HTTP/2 frames, "sent immediately" and "not immediately sent"]
TCP head-of-line blocking: the solution
write only what can be sent immediately
⁃ obtain CWND and unacked size using TCP_INFO
adjust poll threshold to delay write notification until TCP becomes ready to send some data immediately
[Figure: TCP send buffer diagram with labels CWND, unacked, poll threshold, TLS Records, HTTP/2 frames, "sent immediately" and "not immediately sent"]
TCP head-of-line blocking: benchmark 1
conditions:
⁃ server in Ireland, client in Tokyo (RTT 250ms)
⁃ load tiny js at the top of a large HTML
result: delay decreased from 511ms to 250ms
⁃ i.e. JS fetch latency was 2RTT, became 1 RTT
• similar results in other environments
TCP head-of-line blocking: benchmark 2
using same data as previous
server: Sakura VPS (Ishikari DC)
[Figure: bar chart "downloading HTML (and JS within)", RTT ~25ms; y-axis in milliseconds (0 to 300); bars for HTML and JS; series: master, latopt]
HTTP/2 prioritization
hybrid approach using weights and chaining
⁃ servers are expected to obey the priority specified by the clients
Firefox’s prioritization graph is shown below
[Figure: Firefox's prioritization graph. Nodes: Root; Leader G; Follower G (weight: 1); HTML (weight: 32); CSS (weight: 32) x2; JS (weight: 32) x2; Image (weight: 22) x3]
HTTP/2 prioritization
some web browsers fail to specify priority
⁃ Safari, Blink
⁃ older versions of Chrome also had issues
⁃ server-side countermeasures required
[Figure: prioritization graph without priority chains. Nodes: Root; HTML, CSS, JS and three Images, each weight: 16]
HTTP/2 prioritization: the solution
bandwidth distribution on server-side:
⁃ use Weighted Fair Queuing (WFQ) or Deficit Round Robin (DRR)
⁃ some servers do it right:
• nghttp2 (and Apache) implements WFQ in O(log N)
• H2O approximates WFQ in O(1)
detect dumb clients and fall back to server-driven prioritization
⁃ H2O reprioritizes CSS, JS for clients that do not use priority chains
HTTP/2 prioritization: benchmark
differences between the times spent until first-paint (red bar)
Hidden resource
hidden resource: a resource specified in CSS (@import) or JavaScript
⁃ was anti-pattern in HTTP/1
⁃ anti-pattern in HTTP/2 as well
solution:
⁃ avoid use of hidden resources that block rendering (e.g. CSS, JS)
⁃ or, specify them using link: rel=preload
Push
three use-cases:
⁃ prioritization
⁃ push while processing request
⁃ push from edge
Pushing for prioritization
[Figure: two client/server sequence diagrams.
without push: GET / ; HTTP/2 200 OK (<html> <link rel=style.css ...) ; GET /style.css ; HTTP/2 200 OK (body: ... #title: ...)
with push: GET / ; GET /style.css HTTP/2 ; HTTP/2 200 OK (body: ... #title: ...) ; HTTP/2 200 OK (<html> <link rel=style.css ...)]
1. send CSS, JS first
2. then send HTML (can be rendered progressively)
Push while processing request
web applications involving DB access, etc.
[Figure: two request timelines (req., process request, HTML, assets).
without push: assets are requested after the HTML; 450ms (5 RTT + processing time)
with push: push-asset responses are sent alongside process request and the HTML; 250ms (1 RTT + processing time)]
Push from edge
CDNs’ use-case
⁃ utilize the conn. while waiting for app. response
[Figure: sequence diagram with columns client, edge server (CDN), app. server; messages: req. (client to edge), req. (edge to app. server), push-asset x4 and HTML toward the client, HTML from the app. server]
How to push
H2 server may push preloaded links
⁃ e.g. Link: </style.css>; rel=preload
⁃ recognized by Apache, H2O, nghttp2
⁃ patch exists for Nginx
use nopush attribute to opt-out
⁃ e.g. Link: </dontpush.jpg>; rel=preload; nopush
note: use of preload as a push indicator is in the process of standardization at W3C
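An added example in plain Ruby (not code from the slides or from any of the servers named above) of how a Link header value can be parsed to decide which entries are push candidates under the rel=preload / nopush convention. The names LinkEntry, parse_link_header, push_candidates and SAMPLE_LINK are hypothetical, and restricting pushes to same-origin paths is an assumption of this sketch.

```ruby
# Assumption: entries are comma-separated and URIs themselves contain no ", <".
LinkEntry = Struct.new(:uri, :params)

# Parse one Link header value into LinkEntry objects.
def parse_link_header(value)
  value.split(/,(?=\s*<)/).map do |item|
    m = /\A\s*<([^>]*)>(.*)\z/m.match(item)
    next nil unless m                       # skip malformed entries
    params = {}
    m[2].split(";").each do |raw|
      name, val = raw.strip.split("=", 2)
      next if name.nil? || name.empty?
      # attribute names are case-insensitive; a bare attribute (nopush) maps to true
      params[name.downcase] = val ? val.strip.gsub(/\A"|"\z/, "") : true
    end
    LinkEntry.new(m[1], params)
  end.compact
end

# URIs to push: rel includes "preload", nopush is absent, and the target is
# a path on this origin (no scheme, no protocol-relative "//host" form).
def push_candidates(value)
  parse_link_header(value).select do |e|
    rels = e.params["rel"].to_s.downcase.split
    rels.include?("preload") && !e.params.key?("nopush") &&
      e.uri.start_with?("/") && !e.uri.start_with?("//")
  end.map(&:uri)
end

# Constructed sample header value, using the two entries shown on the slide
# plus two more cases.
SAMPLE_LINK = '</style.css>; rel=preload, </dontpush.jpg>; rel=preload; nopush, ' \
              '</next.html>; rel="prefetch", <https://cdn.example/app.js>; rel="preload"; as=script'
```

Only /style.css is selected from the sample: the second entry opts out with nopush, the third is not a preload, and the fourth points at another origin.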
How to push while processing request
send Link: rel=preload as interim response
⁃ application sends 100 then processes the request
supported in H2O 2.1
GET / HTTP/1.1
Host: example.com
HTTP/1.1 100 Continue
Link: </style.css>; rel=preload
HTTP/1.1 200 OK
Content-Type: text/html
<!DOCTYPE HTML>
...
[Figure: sequence diagram with columns HTTP/2 server, app. server, Web app.; messages: GET /, GET /, 100 Continue (Link: …), process request, 200 OK, 200 OK]
How to push while processing request
configure your H2 server
⁃ in case of H2O:
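mruby.handler: |
  Proc.new do |env|
    push_paths = []
    # push the stylesheet for directory and .html requests
    if /(\/|\.html)$/.match(env["PATH_INFO"])
      push_paths << "/style.css"
      ...
    end
    # status 399 delegates the request to the next handler (file.dir below)
    [399, push_paths.empty? ? {} : {"link" => push_paths.map{|p| "<#{p}>; rel=preload"}.join("\n")}, []]
  end
file.dir: /path/to/doc-root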
BTW, you can do more by using mruby
HTTP authentication
mruby.handler: |
  require "htpasswd.rb"
  Htpasswd.new("/path/to/.htpasswd", "realm-name")
DoS mitigation
mruby.handler: |
  require "dos_detector.rb"
  DoSDetector.new({
    :strategy => DoSDetector::CountingStrategy.new({
      :period => 10,       # seconds over which requests are counted
      :threshold => 100,   # requests allowed within one period
      :ban_period => 300,  # seconds a client stays banned
    }),
  })
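An added sketch in plain Ruby (not H2O's dos_detector.rb and not from the slides) of how a counting strategy with the period, threshold and ban_period values above can behave. The fixed-window accounting and the names CountingSketch, check, sweep and replay_sample are assumptions of this example.

```ruby
# Per-client fixed-window counter with a ban timer (assumed semantics).
class CountingSketch
  def initialize(period: 10, threshold: 100, ban_period: 300)
    @period, @threshold, @ban_period = period, threshold, ban_period
    @clients = {}   # addr => { window_start:, count:, banned_until: }
  end

  # Returns :allow or :deny for a request from addr at time now (seconds).
  def check(addr, now)
    c = (@clients[addr] ||= { window_start: now, count: 0, banned_until: 0 })
    return :deny if now < c[:banned_until]
    if now - c[:window_start] >= @period      # window expired: start a new one
      c[:window_start] = now
      c[:count] = 0
    end
    c[:count] += 1
    if c[:count] > @threshold                 # over budget inside one window
      c[:banned_until] = now + @ban_period
      c[:count] = 0
      return :deny
    end
    :allow
  end

  # Drop idle entries so the table cannot grow without bound under address churn.
  def sweep(now)
    @clients.delete_if { |_, c| now >= c[:banned_until] && now - c[:window_start] >= @period }
    @clients.size
  end
end

# Constructed traffic: 105 requests from one address within the same second,
# one request from another address, then requests during and after the ban.
def replay_sample
  d = CountingSketch.new(period: 10, threshold: 100, ban_period: 300)
  burst = (1..105).map { d.check("203.0.113.7", 1000) }
  other = d.check("198.51.100.2", 1000)
  { allowed: burst.count(:allow), denied: burst.count(:deny), other: other,
    mid_ban: d.check("203.0.113.7", 1200), after_ban: d.check("203.0.113.7", 1301),
    tracked_after_sweep: d.sweep(5000) }
end
```

The counter is keyed on the client address, so clients that reach the server through a shared proxy or NAT share one budget and one ban.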
... and more
Access Control
mruby.handler: |
  acl {
    allow { addr == "127.0.0.1" }
    deny {
      user_agent.match(/curl/i) && !addr.start_with?("192.168.")
    }
    respond(503, {}, ["Service Unavailable"]) {
      addr == malicious_ip
    }
    redirect("https://example.com/", 301) {
      path =~ /moved/
    }
    use Htpasswd.new("/path/to/.htpasswd", "realm") {
      path.start_with?("/admin")
    }
  }
... and more
fast IPv4 address matching using Trie [4]
mruby.handler: |
  require "trie_addr.rb"
  trie = TrieAddr.new.add([
    "192.168.0.0/16", "172.16.0.0/12", ...
  ])
  acl {
    allow { trie.match?(addr) }
    deny
  }
4: http://dsas.blog.klab.org/archives/51293338.html
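An added sketch in plain Ruby (not the trie_addr.rb used above, and using the standard ipaddr library rather than mruby) of why a trie makes address matching fast: each CIDR block is stored as a path of prefix bits, so a lookup takes at most 32 steps however many blocks are loaded. The names CidrTrie and PRIVATE_NETS, and the third block in the sample list, are hypothetical.

```ruby
require "ipaddr"
# Binary trie over IPv4 address bits; a node marked terminal ends a stored prefix.
class CidrTrie
  Node = Struct.new(:zero, :one, :terminal)
  def initialize
    @root = Node.new
  end

  # Accepts "a.b.c.d/len" or a bare address (/32). Returns self for chaining.
  def add(cidrs)
    Array(cidrs).each do |cidr|
      addr, len = cidr.split("/", 2)
      len = len ? Integer(len, 10) : 32
      raise ArgumentError, "bad prefix length: #{cidr}" unless (0..32).cover?(len)
      bits = to_u32(addr)
      node = @root
      len.times do |i|
        node = bits[31 - i] == 1 ? (node.one ||= Node.new) : (node.zero ||= Node.new)
      end
      node.terminal = true
    end
    self
  end

  # True when a stored prefix covers addr; unparsable or non-IPv4 input never matches.
  def match?(addr)
    bits = to_u32(addr)
    node = @root
    32.times do |i|
      return true if node.terminal
      node = bits[31 - i] == 1 ? node.one : node.zero
      return false if node.nil?
    end
    node.terminal == true
  rescue ArgumentError   # IPAddr's parse errors are ArgumentError subclasses
    false
  end

  private
  def to_u32(addr)
    ip = IPAddr.new(addr)
    raise ArgumentError, "IPv4 only: #{addr}" unless ip.ipv4?
    ip.to_i
  end
end

# Constructed sample set: the two blocks from the slide plus 10.0.0.0/8.
PRIVATE_NETS = CidrTrie.new.add(["192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"])
```

In an allow-list such as the one above, failing closed on unparsable or IPv6 input means those clients fall through to the deny rule.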
How to push from edge
depends on CDN
⁃ some CDNs may use RUM-based approach
⁃ others may provide DSL
• GCP provides http2-push-manifest (JSON-based)
⁃ though cannot be used for pushing from edge
⁃ anybody using (m)ruby on edge?
Push vs. cache
why would you ever push cached resources?
⁃ it’s a waste of bandwidth (and time)
several ways to avoid pushing cached resources
⁃ cookie-based
• supported by H2O
⁃ cache-digest
• supported by Apache, H2O
• needs browser support or ServiceWorker script
• standardization in process at IETF
⁃ implement your own
Avoiding negative effect caused by push
don’t push unless your mechanism is cache-aware
only push resources that block rendering
⁃ reason:
• H2 endpoints have difficulty in distributing bandwidth between pushed and pulled responses
• negative effect caused by HoL blocking, prioritization and hidden resources becomes more apparent with push
above rules don’t apply to the tiny pushes
⁃ i.e. those used as a replacement for inlining (i.e. <img src=“data:...”>)
Summary
HTTP/2 has become popular
the effectiveness varies between implementations
⁃ HoL-blocking avoidance, prioritization, cache-aware push, ...
⁃ upcoming specs (e.g. TLS/1.3, QUIC) may cause even more difference
⁃ careful evaluation of servers / CDNs is important
H2O is the leader in HTTP/2 server performance
⁃ and can be configured using mruby