HTTP 2.0 and QUIC - Protocols of the (near) future

HTTP 2.0 and QUIC
protocols of the (near)
future
@ipeychev

View Slide

Why a new version of
HTTP protocol?
2.0

View Slide

HTTP is used by the World-Wide Web since 1990
Browser sends request to the server
Server responds
GET /index.html HTTP/1.1
HTTP/1.1 200 OK

View Slide

The number of requests per page increases
HTTP Archive
Top 100 sites
data for
15.11.2010 - 1.10.2014

View Slide

HTTP 1.1 has issues

View Slide

Optional parts, like
HTTP Pipelining
It is very latency
sensitive
The speciﬁcation
is huge
HTTP 1.1 issues
and more...

View Slide

Latency kills and bandwidth is
not everything

View Slide

Latency vs bandwidth
Ilya Grigorik
Developer Advocate, Google

View Slide

What could be the solution?

View Slide

HTTP pipelining?
WikipediA
The free Encyclopedia

View Slide

HTTP pipelining

View Slide

Why not HTTP Pipelining?
The server must send its responses in the same order that
requests were received
So the entire connection remains ﬁrst-in-ﬁrst-out (FIFO)
and Head-of-line (HOL) blocking can occur
and more, like buggy proxy servers

View Slide

In most browsers HTTP pipelining is disabled
Or not implemented at all
Browsers achieve multiplexing by opening multiple connections
to servers
As a result...

View Slide

Developer workarounds

View Slide

Image sprites
1
Sharding
2
Resource inlining
3
Developers invented workarounds

View Slide

Concatenating ﬁles
4
Combo services
5
Preloading resources
6

View Slide

Reducing cookie size
7
Using cookie-free domains
8
Using instead of @import
9

View Slide

Pack components into a multipart document 
(like email with attachments)
10

View Slide

browser diet

View Slide

View Slide

Got tired?

View Slide

Welcome to
HTTP 2.0 and QUIC

View Slide

HTTP 2.0 (draft 14)

View Slide

HTTP 2.0 ﬁxes issues in HTTP 1.1
without breaking the web

View Slide

Using
HTTP Upgrade
mechanism
HTTP
How browser switches to HTTP 2.0
GET / HTTP/1.1
Host: server.example.com
Connection: Upgrade, HTTP2-Settings
Upgrade: h2c
HTTP2-Settings:

View Slide

HTTPS
How browser switches to HTTP 2.0
ALPN
Using
Application Layer
Protocol Negotiation
extension

View Slide

HTTP 2.0 features

View Slide

HTTP 2.0 Features
It is a binary protocol, not text one
Browser and server exchange frames
Each frame belongs to stream
Streams are multiplexed, with priorities
Server push

View Slide

ONE connection to the server should be enough
(not six connections per domain as most browsers do now)
HTTP 2.0 Features

View Slide

Frames

View Slide

Frame format
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length (24) |
+---------------+---------------+---------------+
| Type (8) | Flags (8) |
+-+-+-----------+---------------+-------------------------------+
|R| Stream Identifier (31) |
+=+=============================================================+
| Frame Payload (0...) ...
+---------------------------------------------------------------+

View Slide

Frame types
DATA Convey arbitrary data associated with a stream
HEADERS Used to open a stream and carries name-value pairs
PRIORITY Speciﬁes the sender-advised priority of a stream
RST_STREAM Allows abnormal termination of a stream
SETTINGS
Conveys conﬁguration parameters that affect how endpoints
communicate

View Slide

Frame types
PUSH_PROMISE
Used to notify the peer endpoint in advance of streams the sender
intends to initiate
PING
Measuring a minimal round-trip time from the sender; checks if a
connection is still alive
GOAWAY Informs the remote peer to stop creating streams on this connection
WINDOW_UPDATE
Used to implement ﬂow control on each individual stream or on the
entire connection.
CONTNUATION Used to continue a sequence of header block fragments

View Slide

Streams

View Slide

Stream
Logical, bi-directional sequence of frames.

View Slide

Streams
One single connection - multiple open streams.

View Slide

Priorities and dependencies

View Slide

Stream priority
Each stream has priority
Speciﬁed by the client (browser)
Priority can be changed runtime

View Slide

Stream dependencies
A stream can depend on another one.
A
B C
D

View Slide

Stream dependencies
A
B C
D
A stream can depend on another one.

View Slide

Headers

View Slide

Header compression
HTTP 2.0 is stateless protocol too
The client still has to send data to the server
The headers in HTTP 2.0 are compressed

View Slide

Header compression
Stateful
Using a single compression context for the
entire connection
The algorithm is called HPACK (Header
Compression for HTTP/2)

View Slide

Header compression
HPACK has been invented because
of attacks like CRIME and BREACH

View Slide

Server push
(we did that for years)

View Slide

Server push
Server pre-emptively sends resources to a client,
in association with a previous client-initiated
request

View Slide

Server push
The client explicitly must allow it
A client cannot push

View Slide

HTTP/2 rulez!

View Slide

QUIC protocol

View Slide

QUIC Features
Natural extension of SPDY/HTTP 2.0 research
Multiplexing transport protocol
Runs on top of UDP

View Slide

Why not SCTP over DTLS?
After all, SCTP provides (among other things) stream
multiplexing
And DTLS provides SSL quality encryption and
authentication over a UDP stream

View Slide

Why not SCTP over DTLS?
Mainly because roughly 4 round trips are needed to
establish an SCTP over DTLS connection
In contrast, the goal of QUIC is to perform a connection
establishment with zero RTT overhead

View Slide

Goal: 0-RTT (round-trip time) connectivity
overhead
Has all the beneﬁts of SPDY/HTTP 2.0
QUIC Features
but...

View Slide

QUIC Features
No head-of-line blocking in QUIC!

View Slide

QUIC Features
Delay of only one packet causes the entire set of
SPDY (aka HTTP/2) streams to pause.
(Since TCP only provides a single serialized stream interface)
In QUIC, when a single packet is lost,
only one stream is being delayed

View Slide

QUIC Features
No head-of-line blocking in QUIC!

View Slide

QUIC Features
100 ms
0 ms RTT
Repeat connection
New connection
QUIC TCP + TLS
300 ms
200 ms RTT
Repeat connection
New connection

View Slide

QUIC Encryption
Comparable to TLS, with more efﬁcient handshake
Replay attack and IP Spooﬁng protection

View Slide

QUIC Forward error correction

View Slide

QUIC Internet connections persistence
Communication channels are not deﬁned by IP
+Port but by an ID
You leave a WiFi zone and entering a mobile one
but the connection continues

View Slide

Demo time

View Slide

View Slide

https://http2rulez.com
Open Source platform for testing different
optimization strategies for HTTP 2.0
Same content, served via HTTP, HTTPS, SPDY and
HTTP/2
(No QUIC endpoint yet)
View Page Load Time for each page

View Slide

HTTPS Waterfall
HTTPS waterfall

View Slide

HTTPS connection view

View Slide

HTTP/2 waterfall without server push

View Slide

HTTP/2 connection view without server push

View Slide

HTTP/2 waterfall with server push

View Slide

HTTP/2 connection view with server push

View Slide

Wrap up

View Slide

Wrap up
Remember the workarounds we do to speed up our
sites?

View Slide

Wrap up
Ask yourself

View Slide

Wrap up
How HTTP 2.0 will affect the way
YOU
develop and optimize Web applications?

View Slide

Thank you!
ipeychev

View Slide

HTTP 2.0 and QUIC - Protocols of the (near) future

HTTP 2.0 and QUIC - Protocols of the (near) future

Iliyan Peychev

More Decks by Iliyan Peychev

Other Decks in Programming

Featured

Transcript