Upgrade to Pro — share decks privately, control downloads, hide ads and more …

HTTP/2: Operable and Performant

Mark Nottingham
September 17, 2014
Technology
0
110

HTTP/2: Operable and Performant

HTTP/2 support is emerging in browsers and other software, after two years of work in the IETF and informed by even more experience with SPDY. While the new protocol is a drop-in replacement for HTTP/1, getting the most out of it takes understanding, planning, and effort. This talk will explain how HTTP/2 affects operations, what situations it can help performance in, and what the community has learned about deploying it.

Mark Nottingham

September 17, 2014
Tweet

More Decks by Mark Nottingham

See All by Mark Nottingham
What's Happening in TLS?
mnot
0
320
What HTTP/2.0 will* do for you
mnot
6
1.8k
Browser Caching and You - A Love Story
mnot
0
140
Stupid Web Caching Tricks
mnot
12
4.3k
What's up with HTTP?
mnot
4
2.4k
Leveraging the Web for Services at Yahoo!
mnot
2
160
Web 2.0 on Speed
mnot
2
100

Other Decks in Technology

See All in Technology
GitHub Actionsと"仲良くなる"ための練習方法
tsubakimoto_s
10
2.6k
未来の開発者へ負債を残さないために取り組んだこと
hayatokudou
0
140
Autonomous Database - Dedicated 技術詳細 / adb-d_technical_detail_jp
oracle4engineer
PRO
1
2.4k
チームで導入する Jetpack Compose あの素晴らしいLTをもう一度.ver
kako351
1
150
ローコードで実現するDevOps ~継続的テスト編~
odasho
1
130
AWS CDKで作るCloudWatch Dashboard
harukasakihara
3
500
ChatGPT(GPT-4版)でIoTやってみた / IoTLT vol.97
you
0
110
Pain-free APIs with Smithy4s
kubukoz
0
130
八王子からお届けするノベルティ - YAPC::Kyoto 2023
uzulla
0
360
関数型で表現するイベントソーシングの実装とその教育
tomohisa
0
150
Federated Learning 連合学習
regonn
1
350
開幕LT
makamaka
0
360

Featured

See All Featured
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
101
6.2k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
44
14k
Art, The Web, and Tiny UX
lynnandtonic
284
18k
YesSQL, Process and Tooling at Scale
rocio
159
13k
Side Projects
sachag
451
38k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
24
5.1k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
217
21k
Rails Girls Zürich Keynote
gr2m
87
12k
The Pragmatic Product Professional
lauravandoore
21
3.6k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
22
1.7k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
38
3.7k
The Mythical Team-Month
searls
210
40k

Transcript

  1. HTTP/2:

    Operable and Performant
    Mark Nottingham @mnot (@akamai)

    View Slide

  2. This talk may be disappointing.

    View Slide

  3. Donald Rumsfeld
    “As we know, there are known knowns;
    there are things we know we know. We
    also know there are known unknowns;
    that is to say we know there are some
    things we do not know. But there are also
    unknown unknowns — the ones we don’t
    know we don’t know.”

    View Slide

  4. HTTP Perf Knowledge
    1990 1995 2000 2005 2010 2015
    Maybe we
    should reuse that
    connection…
    First Velocity
    HTTP/0.9
    HTTP/1.1
    HTTP/2

    View Slide

  5. HTTP/2 is almost here!
    … and it’s a lot like SPDY

    View Slide

  6. HTTP/2 in One Slide
    • Multiplexing + Header Compression + Server Push
    • Goal: one connection from browser
    • Post-WGLC
    • Coming in Firefox, Chrome, IE, others very, very soon

    View Slide

  7. View Slide

  8. {HTTP2, SPDY} and Performance

    View Slide

  9. • Prioritisation!
    • Server Push!
    • Header Compression!
    • TLS and TCP

    View Slide

  10. 1. Prioritisation

    View Slide

  11. HTTP/1

    View Slide

  12. View Slide

  13. HTTP/2

    View Slide

  14. View Slide

  15. • In HTTP/1, Prioritisation is a browser heuristic*
    • “CSS and JS first, then images…”
    • “This connection for that request…”
    • In HTTP/2, it’s hinted by the client, determined by the server.
    * a.k.a. “guessing”

    View Slide

  16. HTTP/2 Priority Hinting
    12
    4
    5
    5

    View Slide

  17. View Slide

  18. • Servers can do what they like with this information.
    • Only one of several potential sources!
    • Page analysis, RUM over time, etc.
    • No prioritisation performs worse than HTTP/1.

    View Slide

  19. Ask Your Implementation
    • How do you handle priority by default?
    • What APIs do you expose for effecting prioritisation?
    • How do you handle reprioritisation?
    • Do you queue in user space and use
    TCP_NOTSENT_LOWAT*?
    * https://insouciant.org/tech/prioritization-only-works-when-theres-pending-data-to-prioritize/

    View Slide

  20. 2. Server Push

    View Slide

  21. View Slide

  22. Benefits of Push
    • Avoid a RT without sacrificing Resource Granularity!
    • Better cache efficiency
    • Reduced parse / blocking
    • Load what you need
    • Modularity
    • Client can refuse push with RST_STREAM

    View Slide

  23. When do I Push?
    • Easy answer: when you previously inlined / concatenated
    • Creative answer: when you want to overload it for async data
    • Real answer: we need research, metrics and tools!
    • speculative push is likely a very different beast
    • how will intermediaries handle server push?

    View Slide

  24. 3. Header Compression

    View Slide

  25. View Slide

  26. GET / HTTP/1.1!
    Host: www.etsy.com!
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/536.26.14 (KHTML, like Gecko)
    Version/6.0.1 Safari/536.26.14!
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8!
    DNT: 1!
    Accept-Language: en-us!
    Accept-Encoding: gzip, deflate!
    Cookie: uaid=uaid%3DVdhk5W6sexG-_Y7ZBeQFa3cq7yMQ%26_now%3D1325204464%26_slt%3Ds_LCLVpU%26_kid%3D1%26_ver
    %3D1%26_mac%3DlVnlM3hMdb3Cs3hqMVuk_dQEixsqQzUlNYCs9H_Kj8c.; user_prefs=1&2596706699&q0tPzMlJLaoEAA==!
    Connection: keep-alive
    GET /assets/dist/js/etsy.recent-searches.20121001205006.js HTTP/1.1!
    Host: www.etsy.com!
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/536.26.14 (KHTML, like Gecko)
    Version/6.0.1 Safari/536.26.14!
    Accept: */*!
    DNT: 1!
    Referer: http://www.etsy.com/!
    Accept-Language: en-us!
    Accept-Encoding: gzip, deflate!
    Cookie: autosuggest_split=1; etala=111461200.1476767743.1349274889.1349274889.1349274889.1.0;
    etalb=111461200.1.10.1349274889; last_browse_page=%2F; uaid=uaid%3DVdhk5W6sexG-_Y7ZBeQFa3cq7yMQ%26_now
    %3D1325204464%26_slt%3Ds_LCLVpU%26_kid%3D1%26_ver%3D1%26_mac
    %3DlVnlM3hMdb3Cs3hqMVuk_dQEixsqQzUlNYCs9H_Kj8c.; user_prefs=1&2596706699&q0tPzMlJLaoEAA==!
    Connection: keep-alive

    View Slide

  27. • Simple replacement strategies work surprisingly well
    • e.g., LRU
    • Tuning is more important when you mux clients
    • e.g., in a load balancer / reverse proxy
    • look at state commitment as well
    • In the long run, changing how we use HTTP headers will improve
    compression

    View Slide

  28. 4. TLS and TCP

    View Slide

  29. View Slide

  30. • initcwnd of 10
    • Turn off tcp_slow_start_after_idle
    • Experiment with congestion control algorithms

    View Slide

  31. How does {SPDY, HTTP/2} affect Ops?

    View Slide

  32. • TLS!
    • Load Balancing/Failover!
    • DoS!
    • Tools!
    • Metrics!
    • Transition Strategies

    View Slide

  33. 1. TLS

    View Slide

  34. • HTTP/2 does not require https://
    • However, Chrome and Firefox have said they won’t do plaintext http://
    • … Firefox is experimenting with “Opportunistic Security” for http://
    • If you want to get the most users onto HTTP/2, it has to be https://
    (for now)

    View Slide

  35. • Minimum TLS 1.2
    • SNI required
    • Renegotiation during HTTP prohibited
    • Ephemeral Key Exchange required (for forward secrecy)
    • AEAD ciphers effectively required
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 w/ P256

    View Slide

  36. 2. Failover and Load Balancing

    View Slide

  37. • HTTP/2 flows are longer-lived!
    • So, you can’t assume they’ll go away soon
    • This changes load balancing and failover strategies

    View Slide

  38. • GOAWAY allows you to gracefully shut down a connection
    • Existing requests drain

    View Slide

  39. • Alternative Services acts like CNAME at the HTTP layer
    • “Spool up a connection at host:port and talk to it like it’s this origin.”
    • It’s graceful; should introduce no latency / pauses
    • Load balancing, geo optimisation, taking server out of rotation
    • Browser support coming (hopefully)

    View Slide

  40. 3. DoS

    View Slide

  41. TCP Connections
    • HTTP/2 uses less connections by a factor of 4x - 8x!
    • Those connections are a lot more active, well-utilised
    • If you think you’re under attack, you’ve got options
    • Reduce SETTINGS_MAX_CONCURRENT_STREAMS
    • Flow control them
    • GOAWAY

    View Slide

  42. Memory
    • Header compression = More state per connection
    • default header compression state = 4k!
    • state commitment can be tuned using SETTINGS_HEADER_TABLE_SIZE
    • Buffering e.g., by intermediaries
    • can be controlled by flow control
    • (stream-level and connection-level)

    View Slide

  43. CPU
    • Binary format is easier to parse!
    • HPACK is very low overhead (less than gzip)
    • can be dialled down if need be with SETTINGS_HEADER_TABLE_SIZE

    View Slide

  44. Intermediaries
    • There are some cases where an intermediary can get in trouble
    • Never forward a frame before you have it all!
    • Never forward a header-bearing block before you have it all!
    • … unless you really trust the sender.

    View Slide

  45. 4. Tools

    View Slide

  46. View Slide

  47. curl

    View Slide

  48. ?

    View Slide

  49. 5. Metrics

    View Slide

  50. • Connection Utilisation!
    • idle periods, concurrency, reset streams, protocol errors
    • HPACK efficiency!
    • hit rates, memory consumption, lost opportunities
    • both directions!
    • RUM RUM RUM!

    View Slide

  51. 6. Transition
    Strategies

    View Slide

  52. “How Speedy is SPDY?” — Wang, Balasubramanian, Krishnamurthy and Wetherall

    View Slide

  53. Un-Hacking Your Site
    Spriting ‛ Separate Resources
    Inlining ‛ Server Push
    Sharding ‛ Single Host
    Concatenation ‛ Separate Resources

    View Slide

  54. Why Un-Hack?
    • CSS Spriting delays image downloads (indirection)
    • Concatenation / inlining / spriting reduce cache efficiency!
    • Concatenation / inlining / spriting encourages wasted download!
    • JS concatenation increases parse/load overhead!
    • Sharding reduces header compression efficiency, tcp flow gains

    View Slide

  55. When to Un-Hack?
    • Lots of choices:
    • When x% of your traffic supports HTTP/2
    • Dynamically hack per connection
    • Gradual rollout
    • Just Do It

    View Slide

  56. • Switch to HTTPS first
    • De-[sprite, concatenate, shard, inline]
    • Browser rollout period is a unique opportunity
    • Collect metrics!

    View Slide

  57. View Slide

  58. Questions?

    View Slide