Evolution of HTTP

Transcript

1. Evolution of HTTP Buzzvil 2019.02.20 Brice Bang

2. None

3. ????????

4. Why I chose HTTP

5. Evolution of HTTP HTTP/0.9 (1991) HTTP/1.0 (1996) HTTP/1.1 (1997) HTTP/2

   (2015) HTTP/3 (2019)

6. Evolution of HTTP HTTP/0.9 (1991) HTTP/1.0 (1996) HTTP/1.1 (1997) HTTP/2

   (2015) HTTP/3 (2019) Where are we?
7. None

8. Review – TCP/IP

9. Review – TCP/IP

10. Review – TCP/IP IP

11. Review – TCP/IP IP

12. Review – TCP/IP TCP IP

13. Review – TCP/IP TCP IP

14. Review – TCP/IP TCP IP

15. Review – TCP/IP TCP IP

16. Review – UDP/IP UDP IP

17. Review – UDP/IP UDP IP

18. Review – TLS 802.11 IP TCP HTTP

19. Review – TLS 802.11 IP TCP HTTPS

20. Review – TLS TLS 1.2

21. Review – TLS TLS 1.2 TLS 1.3

22. HTTP

23. Once Upon a Time

24. Once Upon a Time

25. Once Upon a Time

26. Once Upon a Time

27. Once Upon a Time

28. Once Upon a Time

29. Once Upon a Time TCP/IP

30. Once Upon a Time TCP/IP Server

31. Once Upon a Time TCP/IP Protocol Server Client

32. Once Upon a Time TCP/IP Protocol Server Client

33. Once Upon a Time TCP/IP Protocol Server Client URI URI:

    Uniform Resource Identifier

34. Once Upon a Time TCP/IP Protocol Server Client URI HTML

    URI: Uniform Resource Identifier HTML: HyperText Markup Language

35. Once Upon a Time TCP/IP Protocol Server Client URI HTML

    HTTP URI: Uniform Resource Identifier HTML: Hypertext Markup Language HTTP: Hypertext Transfer Protocol

36. Once Upon a Time TCP/IP Protocol Server Client URI HTML

    HTTP Sir Tim Berners-Lee the father of the World Wide Web URI: Uniform Resource Identifier HTML: Hypertext Markup Language HTTP: Hypertext Transfer Protocol

37. WorldWideWeb: The First Web Browser

38. WorldWideWeb: The First Web Browser https://worldwideweb.cern.ch/browser/

39. HTTP/0.9 (1991) • The initial version of HTTP • Use

    80 port • No version number (later been called 0.9) • Only one method (GET) • No HTTP headers / No error code • Response only contains the HTML file

40. HTTP/0.9 (1991) • The initial version of HTTP • Use

    80 port • No version number (later been called 0.9) • Only one method (GET) • No HTTP headers / No error code • Response only contains the HTML file

41. HTTP/0.9 (1991) • The initial version of HTTP • Use

    80 port • No version number (later been called 0.9) • Only one method (GET) • No HTTP headers / No error code • Response only contains the HTML file

42. HTTP/1.0 (1996) • Version information is now sent • Status

    code, HTTP headers, new methods (POST, HEAD) have been introduced

43. HTTP/1.0 (1996) • Version information is now sent • Status

    code, HTTP headers, new methods (POST, HEAD) have been introduced

44. HTTP/1.0 (1996) • Version information is now sent • Status

    code, HTTP headers, new methods (POST, HEAD) have been introduced

45. The Problems of HTTP/1.0

46. The Problems of HTTP/1.0

47. The Problems of HTTP/1.0

48. The Problems of HTTP/1.0

49. None
50. None

51. HTTP/1.1 (1997) • The first standard • Still in common

    use • Performance optimizations • A persistent connection (keep-alive) • Chunked responses • compression • Cache control • Feature enhancement • Content negotiation (lang, encoding..) • Server collocation (Host header) • New methods • PUT, DELETE, TRACE, OPTIONS

52. HTTP/1.1 (1997) • The first standard • Still in common

    use • Performance optimizations • A persistent connection (keep-alive) • Chunked responses • compression • Cache control • Feature enhancement • Content negotiation (lang, encoding..) • Server collocation (Host header) • New methods • PUT, DELETE, TRACE, OPTIONS

53. Persistent Connection (keep-alive)

54. Persistent Connection (keep-alive)

55. Thanks to Keep-Alive header • Pipelining • Send successive request

    without waiting for the answer over persistent connection • Idempotent methods only (GET, HEAD, PUT, DELETE) • Multiple Connections • Open multiple connections to same host to speed up retrieval of large numbers of objects • Maximum 6 connection for one origin to avoid DoS

56. The Web Environment is Changed cf. Default MSS of Ethernet:

    1500 bytes

57. HTTP/1.1 is Slow • Latency sensitive • Head-of-line blocking •

    Repetitive and redundant Http request headers • Security makes slower

58. The Internet Has Been Getting Faster

59. The Internet Has Been Getting Faster

60. The Internet Has Been Getting Faster

61. The Internet Has Been Getting Faster

62. The Key is “Latency” Bandwidth vs Latency impact on Page

    Load Time

63. Head-of-Line Blocking (HOL)

64. HTTP Head-of-Line Blocking (keep-alive)

65. HTTP Request Header

66. HTTP Request Header

67. HTTP Request Header

68. Security is too Slow • HTTPS (HTTP over SSL, HTTP

    over TLS, HTTP Secure) • Use 443 port TCP/IP HTTP Server Client

69. Security is too Slow • HTTPS (HTTP over SSL, HTTP

    over TLS, HTTP Secure) • Use 443 port TCP/IP TLS Server Client HTTP

70. Security is too Slow • TCP handshake + TLS handshake

    Exchange HTTP req/res

71. Security is too Slow • TCP handshake + TLS handshake

    Exchange HTTP req/res
72. None

73. Reduce the # of Request

74. Spriting

75. Spriting

76. Inlining - Data URI Scheme • Write the image resource

    in Base64 encoded string to reduce # of request

77. Minify and Merge CSS/Javascript • To reduce file size and

    # of requests

78. Minify and Merge CSS/Javascript • To reduce file size and

    # of requests

79. Domain Sharding • Web browser allows several parallel connections for

    one domain • Split resources over several domains

80. NOT A SOLUTION

81. Text Protocol’s Limitation • Ex) Detect message body length (From

    rfc7230)

82. Text Protocol’s Limitation • Ex) Detect message body length (From

    rfc7230)

83. Text Protocol’s Limitation • Ex) Detect message body length (From

    rfc7230)

84. Text Protocol’s Limitation • Ex) Detect message body length (From

    rfc7230)

85. Text Protocol’s Limitation • Ex) Detect message body length (From

    rfc7230)

86. Text Protocol’s Limitation • Ex) Detect message body length (From

    rfc7230)

87. Text Protocol’s Limitation • Ex) Detect message body length (From

    rfc7230)

88. Text Protocol’s Limitation • Ex) Detect message body length (From

    rfc7230)

89. Text Protocol’s Limitation • Ex) Detect message body length (From

    rfc7230)
90. None
91. None
92. None

93. Security is too Slow

94. Security is not Slow • http://www.httpvshttps.com/

95. Security is not Slow • http://www.httpvshttps.com/

96. Security is not Slow but Fast • http://www.httpvshttps.com/

97. Security is not Slow but Fast Thanks to HTTP/2 •

    http://www.httpvshttps.com/

98. HTTP/2

99. HTTP/2 (2015) • A protocol for low-latency transport of content

    over the World Wide Web • Changes • Textual protocols à binary protocols • Head-of-line blocking à multiplexed and prioritized streams • Concurrent multiple TCP connections à one TCP connection • Redundant HTTP Headers -> Header compression with HPACK • Security -> All browers support HTTP/2 only on TLS • Server Push

100. Based on the Experimental SPDY Protocol • SPDY: A deprecated

     network protocol developed at for transporting web content TCP/IP TLS HTTP/1.1 TCP/IP TLS SPDY HTTP HTTP/1.1 Stack SPDY Stack TCP/IP TLS HTTP/2 HTTP/2 Stack

101. Binary Framing Layer

102. Binary Framing Layer

103. Multiplexed and Prioritized Streams on single TCP con. • Frames

     can be interleaved • All stream(sequence of frames)s are sent over single TCP connection • Streams have dependencies and weights to calculate the priorities • DATA frames are subject to per-stream and connection flow control

104. One TCP Connection

105. One TCP Connection

106. HPACK Header Compression • Header compression

107. HTTP/2 and TLS • TLS is optional, but major implementations

     are force TLS • Mozilla Firefox and Google Chrome • Why? • To protect user’s privacy • To avoid the tyranny of the middleboxes • They are upgraded much slower than edges TCP/IP TLS HTTP/2 HTTP/2 Stack

108. Server Push

109. None

110. How to switch to HTTP/2?

111. Web Browsers are Ready

112. Our Server Already Supports HTTP/2 h2 h2

113. Our Server Already Supports HTTP/2 h2 h2

114. How about Our Clients? • Lockscreen: X • Feed: O

     • BARO: X S N I

115. How about Others?

116. OkHttp Supports HTTP/2 by Default

117. However

118. iPhone Changes the World

119. Network is Changed

120. HTTP/2 on Mobile Good Poor

121. Packet-Loss: WiFi > Wired Network 1.5% 2.0%

122. TCP is too Old • Introduced in 1974 (45 years

     old) • Designed to operate in wired network WaveLan (1986) Wi-Fi (1997) become popular 2010~

123. Handover: WiFi ⇄ LTE

124. Handover: From WiFi to LTE

125. TCP on Wireless Network

126. TCP Head-of-Line Blocking

127. None
128. None

129. HTTP/1.1 workarounds

130. HTTP/1.1 workarounds HTTP/2

131. HTTP/1.1 workarounds HTTP/2 HTTP/3?

132. HTTP/3

133. QUIC • An experimental transport layer network protocol introduced by

     in 2012 • TCP + TLS + HTTP/2 over UDP

134. QUIC • An experimental transport layer network protocol introduced by

     in 2012 • TCP + TLS + HTTP/2 over UDP • Flow Control • Error Control • Congestion Control • In-order delivery per stream

135. QUIC • An experimental transport layer network protocol introduced by

     in 2012 • TCP + TLS + HTTP/2 over UDP • Flow Control • Error Control • Congestion Control • In-order delivery per stream • To Prevent Ossification (경직화)

136. QUIC • An experimental transport layer network protocol introduced by

     in 2012 • TCP + TLS + HTTP/2 over UDP • Flow Control • Error Control • Congestion Control • In-order delivery per stream • HTTP • Binary Protocol • Multiplexed Streams • Prioritized Streams • One TCP Connection • Header Compression • HPACK à QPACK • Server Push • To Prevent Ossification (골화)

137. Why UDP? • Middleboxes allow TCP and UDP only •

     TCP has HOL • To move the transport layer from kernel mode to user mode • make development faster • make adoption and spread faster

138. Minimalized Handshake

139. Multiplexing

140. Handover: Connection Independent of IP Address Connection UUID

141. None

142. HTTP/3 (2019) HTTP/3

143. QUIC with

144. QUIC with

145. QUIC with

146. Can I use HTTP/3?

147. TLS Library Support

148. Web Browser Support

149. Server Support

150. QUICHE

151. Implementations • IETF QUIC • C • AppleQUIC, f5, lsquic,

     ngtcp2, ngx_quic, pandora, picoquic, quant, quicly, Winquic • C++ • ats, lsquic, mozquic, mvfst • ETC • Java: kwik, go: minq, quic-go, rust: quiche, quicr, quinn, TypeScript: QUICker • Google QUIC • goquic, libquic, lsquic, quic-go, stellite, caddyserver • https://github.com/quicwg/base-drafts/wiki/Implementations

152. HTTP/3 Challenges • 3-7% something of all QUIC attempts fail

     • Clients need fall back algorithms • CPU intensive (2x ~ 3x) • Lack of APIs of TLS library (OpenSSL) • ARQ limitation • Automatic Repeat Request à Forward error correction may help

153. Summary • HTTP/0.9 • the first version with one method

     GET in ASCII over TCP • HTTP/1.0 • Many extensions are adopted • One request per one connection • HTTP/1.1 • The first standard version • Persistent connection improved performance, but brought HTTP HOL • Many workarounds have been made over 18 years • HTTP/2 • Binary multiplexed over TCP resolves HTTP HOL ß SPDY • HTTP/3 • Binary over multiplexed QUIC resolve TCP HOL ß QUIC

154. Advertisement • #dev-news • To share news related to dev,

     IT, tech etc. without interrupting your works

155. Thank you

156. References • https://http2.github.io/faq • http://www.httpvshttps.com/ • https://css-tricks.com/http2-real-world-performance-test-analysis/ • http://americanopeople.tistory.com/115 •

     https://hpbn.co/http1x/#concatenation-and-spriting • https://daniel.haxx.se/http2/ • https://daniel.haxx.se/http3-explained/ • https://developer.mozilla.org/en- US/docs/Web/HTTP/Basics_of_HTTP/Evolution_of_HTTP • https://youtu.be/21eFwbb48sE

157. References • https://stackoverflow.com/questions/393407/why-http-protocol-is- designed-in-plain-text-way • http://faculty.georgetown.edu/irvinem/theory/Berners-Lee-HTTP- proposal.pdf • http://info.cern.ch/hypertext/WWW/TheProject.html •

     HTTP/1.1: https://tools.ietf.org/html/rfc2068 • HTTP Over TLS: https://tools.ietf.org/html/rfc2818 • https://johngrib.github.io/wiki/why-http-80-https-443/ • https://httparchive.org/reports/state-of-the-web#h2 • https://medium.com/@DarkDrag0nite/how-http-2-reduces-server-cpu- and-bandwidth-10dbb8458feb

158. References • https://medium.com/platform-engineer/evolution-of-http-69cfe6531ba0 • https://www.popit.kr/%EB%82%98%EB%A7%8C- %EB%AA%A8%EB%A5%B4%EA%B3%A0-%EC%9E%88%EB%8D%98- http2/ • https://cs291.com/slides/2017/14_http2_quic •

     https://learning.linkedin.com/blog/tech-tips/why-encrypting-your- website-is-now-something-you-need-to-do • https://d2.naver.com/helloworld/140351 • https://developers.google.com/web/fundamentals/performance/http2/?h l=ko • https://royal.pingdom.com/http2-new-protocol/

159. References • https://docs.google.com/presentation/d/1r7QXGYOLCh4fcUq0jDdDwKJW NqWK1o4xMtYpKZCJYjM/present?slide=id.p19 • https://hpbn.co/http1x/ • Jeffrey Erman, et

     al., Towards a SPDY’ier Mobile Web?, 2013 • https://cloudplatform.googleblog.com/2018/06/Introducing-QUIC- support-for-HTTPS-load-balancing.html • https://deview.kr/2016/schedule#session/178 • https://www.youtube.com/watch?v=3c3Rt6QbHDw • https://www.slideshare.net/shigeki_ohtsu/quic-overview • https://daniel.haxx.se/blog/2019/01/21/quic-and-missing-apis/ • New applications above QUIC

160. References • HTTP/3 is the next coming HTTP version •

     https://blog.erratasec.com/2018/11/some-notes-about-http3.html • https://blog.codavel.com/2018/09/17/quic-vs-tcptls-and-why-quic-is- not-the-next-big-thing • QUIC: in Theory and Practice - Robin Marx | DeltaV 2018 • https://blog.codavel.com/2018/09/17/quic-vs-tcptls-and-why-quic-is- not-the-next-big-thing • https://github.com/quicwg • https://github.com/quicwg/base-drafts/wiki/Implementations