Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Evolution of HTTP

Buzzvil
February 20, 2019
0
420

Evolution of HTTP

Buzzvil

February 20, 2019
Tweet

More Decks by Buzzvil

See All by Buzzvil
220903_GFS
buzzvil
0
330
Git 해부하기 2 + 3
buzzvil
0
16
Metastable Failure
buzzvil
0
140
Git 해부하기
buzzvil
0
27
Introduction to Plate Solving
buzzvil
0
9
Airbnb Minerva
buzzvil
0
180
Shape up 방법론
buzzvil
0
790
Buzzvil Billing Data Pipeline
buzzvil
0
410
Journey of Dash's release-cycle
buzzvil
0
130

Featured

See All Featured
Building Adaptive Systems
keathley
31
1.9k
A Tale of Four Properties
chriscoyier
151
22k
Gamification - CAS2011
davidbonilla
76
4.6k
Principles of Awesome APIs and How to Build Them.
keavy
121
16k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
25
2.3k
Faster Mobile Websites
deanohume
299
30k
Web Components: a chance to create the future
zenorocha
305
41k
For a Future-Friendly Web
brad_frost
172
9k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
14
1.5k
jQuery: Nuts, Bolts and Bling
dougneiner
59
7.1k
Rails Girls Zürich Keynote
gr2m
91
13k
Design by the Numbers
sachag
274
18k

Transcript

  1. Evolution of HTTP Buzzvil 2019.02.20 Brice Bang

  2. None

  3. ????????

  4. Why I chose HTTP

  5. Evolution of HTTP HTTP/0.9 (1991) HTTP/1.0 (1996) HTTP/1.1 (1997) HTTP/2

    (2015) HTTP/3 (2019)

  6. Evolution of HTTP HTTP/0.9 (1991) HTTP/1.0 (1996) HTTP/1.1 (1997) HTTP/2

    (2015) HTTP/3 (2019) Where are we?
  7. None

  8. Review – TCP/IP

  9. Review – TCP/IP

  10. Review – TCP/IP IP

  11. Review – TCP/IP IP

  12. Review – TCP/IP TCP IP

  13. Review – TCP/IP TCP IP

  14. Review – TCP/IP TCP IP

  15. Review – TCP/IP TCP IP

  16. Review – UDP/IP UDP IP

  17. Review – UDP/IP UDP IP

  18. Review – TLS 802.11 IP TCP HTTP

  19. Review – TLS 802.11 IP TCP HTTPS

  20. Review – TLS TLS 1.2

  21. Review – TLS TLS 1.2 TLS 1.3

  22. HTTP

  23. Once Upon a Time

  24. Once Upon a Time

  25. Once Upon a Time

  26. Once Upon a Time

  27. Once Upon a Time

  28. Once Upon a Time

  29. Once Upon a Time TCP/IP

  30. Once Upon a Time TCP/IP Server

  31. Once Upon a Time TCP/IP Protocol Server Client

  32. Once Upon a Time TCP/IP Protocol Server Client

  33. Once Upon a Time TCP/IP Protocol Server Client URI URI:

    Uniform Resource Identifier

  34. Once Upon a Time TCP/IP Protocol Server Client URI HTML

    URI: Uniform Resource Identifier HTML: HyperText Markup Language

  35. Once Upon a Time TCP/IP Protocol Server Client URI HTML

    HTTP URI: Uniform Resource Identifier HTML: Hypertext Markup Language HTTP: Hypertext Transfer Protocol

  36. Once Upon a Time TCP/IP Protocol Server Client URI HTML

    HTTP Sir Tim Berners-Lee the father of the World Wide Web URI: Uniform Resource Identifier HTML: Hypertext Markup Language HTTP: Hypertext Transfer Protocol

  37. WorldWideWeb: The First Web Browser

  38. WorldWideWeb: The First Web Browser https://worldwideweb.cern.ch/browser/

  39. HTTP/0.9 (1991) • The initial version of HTTP • Use

    80 port • No version number (later been called 0.9) • Only one method (GET) • No HTTP headers / No error code • Response only contains the HTML file

  40. HTTP/0.9 (1991) • The initial version of HTTP • Use

    80 port • No version number (later been called 0.9) • Only one method (GET) • No HTTP headers / No error code • Response only contains the HTML file

  41. HTTP/0.9 (1991) • The initial version of HTTP • Use

    80 port • No version number (later been called 0.9) • Only one method (GET) • No HTTP headers / No error code • Response only contains the HTML file

  42. HTTP/1.0 (1996) • Version information is now sent • Status

    code, HTTP headers, new methods (POST, HEAD) have been introduced

  43. HTTP/1.0 (1996) • Version information is now sent • Status

    code, HTTP headers, new methods (POST, HEAD) have been introduced

  44. HTTP/1.0 (1996) • Version information is now sent • Status

    code, HTTP headers, new methods (POST, HEAD) have been introduced

  45. The Problems of HTTP/1.0

  46. The Problems of HTTP/1.0

  47. The Problems of HTTP/1.0

  48. The Problems of HTTP/1.0

  49. None
  50. None

  51. HTTP/1.1 (1997) • The first standard • Still in common

    use • Performance optimizations • A persistent connection (keep-alive) • Chunked responses • compression • Cache control • Feature enhancement • Content negotiation (lang, encoding..) • Server collocation (Host header) • New methods • PUT, DELETE, TRACE, OPTIONS

  52. HTTP/1.1 (1997) • The first standard • Still in common

    use • Performance optimizations • A persistent connection (keep-alive) • Chunked responses • compression • Cache control • Feature enhancement • Content negotiation (lang, encoding..) • Server collocation (Host header) • New methods • PUT, DELETE, TRACE, OPTIONS

  53. Persistent Connection (keep-alive)

  54. Persistent Connection (keep-alive)

  55. Thanks to Keep-Alive header • Pipelining • Send successive request

    without waiting for the answer over persistent connection • Idempotent methods only (GET, HEAD, PUT, DELETE) • Multiple Connections • Open multiple connections to same host to speed up retrieval of large numbers of objects • Maximum 6 connection for one origin to avoid DoS

  56. The Web Environment is Changed cf. Default MSS of Ethernet:

    1500 bytes

  57. HTTP/1.1 is Slow • Latency sensitive • Head-of-line blocking •

    Repetitive and redundant Http request headers • Security makes slower

  58. The Internet Has Been Getting Faster

  59. The Internet Has Been Getting Faster

  60. The Internet Has Been Getting Faster

  61. The Internet Has Been Getting Faster

  62. The Key is “Latency” Bandwidth vs Latency impact on Page

    Load Time

  63. Head-of-Line Blocking (HOL)

  64. HTTP Head-of-Line Blocking (keep-alive)

  65. HTTP Request Header

  66. HTTP Request Header

  67. HTTP Request Header

  68. Security is too Slow • HTTPS (HTTP over SSL, HTTP

    over TLS, HTTP Secure) • Use 443 port TCP/IP HTTP Server Client

  69. Security is too Slow • HTTPS (HTTP over SSL, HTTP

    over TLS, HTTP Secure) • Use 443 port TCP/IP TLS Server Client HTTP

  70. Security is too Slow • TCP handshake + TLS handshake

    Exchange HTTP req/res

  71. Security is too Slow • TCP handshake + TLS handshake

    Exchange HTTP req/res
  72. None

  73. Reduce the # of Request

  74. Spriting

  75. Spriting

  76. Inlining - Data URI Scheme • Write the image resource

    in Base64 encoded string to reduce # of request

  77. Minify and Merge CSS/Javascript • To reduce file size and

    # of requests

  78. Minify and Merge CSS/Javascript • To reduce file size and

    # of requests

  79. Domain Sharding • Web browser allows several parallel connections for

    one domain • Split resources over several domains

  80. NOT A SOLUTION

  81. Text Protocol’s Limitation • Ex) Detect message body length (From

    rfc7230)

  82. Text Protocol’s Limitation • Ex) Detect message body length (From

    rfc7230)

  83. Text Protocol’s Limitation • Ex) Detect message body length (From

    rfc7230)

  84. Text Protocol’s Limitation • Ex) Detect message body length (From

    rfc7230)

  85. Text Protocol’s Limitation • Ex) Detect message body length (From

    rfc7230)

  86. Text Protocol’s Limitation • Ex) Detect message body length (From

    rfc7230)

  87. Text Protocol’s Limitation • Ex) Detect message body length (From

    rfc7230)

  88. Text Protocol’s Limitation • Ex) Detect message body length (From

    rfc7230)

  89. Text Protocol’s Limitation • Ex) Detect message body length (From

    rfc7230)
  90. None
  91. None
  92. None

  93. Security is too Slow

  94. Security is not Slow • http://www.httpvshttps.com/

  95. Security is not Slow • http://www.httpvshttps.com/

  96. Security is not Slow but Fast • http://www.httpvshttps.com/

  97. Security is not Slow but Fast Thanks to HTTP/2 •

    http://www.httpvshttps.com/

  98. HTTP/2

  99. HTTP/2 (2015) • A protocol for low-latency transport of content

    over the World Wide Web • Changes • Textual protocols à binary protocols • Head-of-line blocking à multiplexed and prioritized streams • Concurrent multiple TCP connections à one TCP connection • Redundant HTTP Headers -> Header compression with HPACK • Security -> All browers support HTTP/2 only on TLS • Server Push

  100. Based on the Experimental SPDY Protocol • SPDY: A deprecated

    network protocol developed at for transporting web content TCP/IP TLS HTTP/1.1 TCP/IP TLS SPDY HTTP HTTP/1.1 Stack SPDY Stack TCP/IP TLS HTTP/2 HTTP/2 Stack

  101. Binary Framing Layer

  102. Binary Framing Layer

  103. Multiplexed and Prioritized Streams on single TCP con. • Frames

    can be interleaved • All stream(sequence of frames)s are sent over single TCP connection • Streams have dependencies and weights to calculate the priorities • DATA frames are subject to per-stream and connection flow control

  104. One TCP Connection

  105. One TCP Connection

  106. HPACK Header Compression • Header compression

  107. HTTP/2 and TLS • TLS is optional, but major implementations

    are force TLS • Mozilla Firefox and Google Chrome • Why? • To protect user’s privacy • To avoid the tyranny of the middleboxes • They are upgraded much slower than edges TCP/IP TLS HTTP/2 HTTP/2 Stack

  108. Server Push

  109. None

  110. How to switch to HTTP/2?

  111. Web Browsers are Ready

  112. Our Server Already Supports HTTP/2 h2 h2

  113. Our Server Already Supports HTTP/2 h2 h2

  114. How about Our Clients? • Lockscreen: X • Feed: O

    • BARO: X S N I

  115. How about Others?

  116. OkHttp Supports HTTP/2 by Default

  117. However

  118. iPhone Changes the World

  119. Network is Changed

  120. HTTP/2 on Mobile Good Poor

  121. Packet-Loss: WiFi > Wired Network 1.5% 2.0%

  122. TCP is too Old • Introduced in 1974 (45 years

    old) • Designed to operate in wired network WaveLan (1986) Wi-Fi (1997) become popular 2010~

  123. Handover: WiFi ⇄ LTE

  124. Handover: From WiFi to LTE

  125. TCP on Wireless Network

  126. TCP Head-of-Line Blocking

  127. None
  128. None

  129. HTTP/1.1 workarounds

  130. HTTP/1.1 workarounds HTTP/2

  131. HTTP/1.1 workarounds HTTP/2 HTTP/3?

  132. HTTP/3

  133. QUIC • An experimental transport layer network protocol introduced by

    in 2012 • TCP + TLS + HTTP/2 over UDP

  134. QUIC • An experimental transport layer network protocol introduced by

    in 2012 • TCP + TLS + HTTP/2 over UDP • Flow Control • Error Control • Congestion Control • In-order delivery per stream

  135. QUIC • An experimental transport layer network protocol introduced by

    in 2012 • TCP + TLS + HTTP/2 over UDP • Flow Control • Error Control • Congestion Control • In-order delivery per stream • To Prevent Ossification (경직화)

  136. QUIC • An experimental transport layer network protocol introduced by

    in 2012 • TCP + TLS + HTTP/2 over UDP • Flow Control • Error Control • Congestion Control • In-order delivery per stream • HTTP • Binary Protocol • Multiplexed Streams • Prioritized Streams • One TCP Connection • Header Compression • HPACK à QPACK • Server Push • To Prevent Ossification (골화)

  137. Why UDP? • Middleboxes allow TCP and UDP only •

    TCP has HOL • To move the transport layer from kernel mode to user mode • make development faster • make adoption and spread faster

  138. Minimalized Handshake

  139. Multiplexing

  140. Handover: Connection Independent of IP Address Connection UUID

  141. None

  142. HTTP/3 (2019) HTTP/3

  143. QUIC with

  144. QUIC with

  145. QUIC with

  146. Can I use HTTP/3?

  147. TLS Library Support

  148. Web Browser Support

  149. Server Support

  150. QUICHE

  151. Implementations • IETF QUIC • C • AppleQUIC, f5, lsquic,

    ngtcp2, ngx_quic, pandora, picoquic, quant, quicly, Winquic • C++ • ats, lsquic, mozquic, mvfst • ETC • Java: kwik, go: minq, quic-go, rust: quiche, quicr, quinn, TypeScript: QUICker • Google QUIC • goquic, libquic, lsquic, quic-go, stellite, caddyserver • https://github.com/quicwg/base-drafts/wiki/Implementations

  152. HTTP/3 Challenges • 3-7% something of all QUIC attempts fail

    • Clients need fall back algorithms • CPU intensive (2x ~ 3x) • Lack of APIs of TLS library (OpenSSL) • ARQ limitation • Automatic Repeat Request à Forward error correction may help

  153. Summary • HTTP/0.9 • the first version with one method

    GET in ASCII over TCP • HTTP/1.0 • Many extensions are adopted • One request per one connection • HTTP/1.1 • The first standard version • Persistent connection improved performance, but brought HTTP HOL • Many workarounds have been made over 18 years • HTTP/2 • Binary multiplexed over TCP resolves HTTP HOL ß SPDY • HTTP/3 • Binary over multiplexed QUIC resolve TCP HOL ß QUIC

  154. Advertisement • #dev-news • To share news related to dev,

    IT, tech etc. without interrupting your works

  155. Thank you

  156. References • https://http2.github.io/faq • http://www.httpvshttps.com/ • https://css-tricks.com/http2-real-world-performance-test-analysis/ • http://americanopeople.tistory.com/115 •

    https://hpbn.co/http1x/#concatenation-and-spriting • https://daniel.haxx.se/http2/ • https://daniel.haxx.se/http3-explained/ • https://developer.mozilla.org/en- US/docs/Web/HTTP/Basics_of_HTTP/Evolution_of_HTTP • https://youtu.be/21eFwbb48sE

  157. References • https://stackoverflow.com/questions/393407/why-http-protocol-is- designed-in-plain-text-way • http://faculty.georgetown.edu/irvinem/theory/Berners-Lee-HTTP- proposal.pdf • http://info.cern.ch/hypertext/WWW/TheProject.html •

    HTTP/1.1: https://tools.ietf.org/html/rfc2068 • HTTP Over TLS: https://tools.ietf.org/html/rfc2818 • https://johngrib.github.io/wiki/why-http-80-https-443/ • https://httparchive.org/reports/state-of-the-web#h2 • https://medium.com/@DarkDrag0nite/how-http-2-reduces-server-cpu- and-bandwidth-10dbb8458feb

  158. References • https://medium.com/platform-engineer/evolution-of-http-69cfe6531ba0 • https://www.popit.kr/%EB%82%98%EB%A7%8C- %EB%AA%A8%EB%A5%B4%EA%B3%A0-%EC%9E%88%EB%8D%98- http2/ • https://cs291.com/slides/2017/14_http2_quic •

    https://learning.linkedin.com/blog/tech-tips/why-encrypting-your- website-is-now-something-you-need-to-do • https://d2.naver.com/helloworld/140351 • https://developers.google.com/web/fundamentals/performance/http2/?h l=ko • https://royal.pingdom.com/http2-new-protocol/

  159. References • https://docs.google.com/presentation/d/1r7QXGYOLCh4fcUq0jDdDwKJW NqWK1o4xMtYpKZCJYjM/present?slide=id.p19 • https://hpbn.co/http1x/ • Jeffrey Erman, et

    al., Towards a SPDY’ier Mobile Web?, 2013 • https://cloudplatform.googleblog.com/2018/06/Introducing-QUIC- support-for-HTTPS-load-balancing.html • https://deview.kr/2016/schedule#session/178 • https://www.youtube.com/watch?v=3c3Rt6QbHDw • https://www.slideshare.net/shigeki_ohtsu/quic-overview • https://daniel.haxx.se/blog/2019/01/21/quic-and-missing-apis/ • New applications above QUIC

  160. References • HTTP/3 is the next coming HTTP version •

    https://blog.erratasec.com/2018/11/some-notes-about-http3.html • https://blog.codavel.com/2018/09/17/quic-vs-tcptls-and-why-quic-is- not-the-next-big-thing • QUIC: in Theory and Practice - Robin Marx | DeltaV 2018 • https://blog.codavel.com/2018/09/17/quic-vs-tcptls-and-why-quic-is- not-the-next-big-thing • https://github.com/quicwg • https://github.com/quicwg/base-drafts/wiki/Implementations