Tweet
Tweet

Slide 1

Slide 1 text

Evolution of HTTP Buzzvil 2019.02.20 Brice Bang

Slide 2

Slide 2 text

No content

Slide 3

Slide 3 text

????????

Slide 4

Slide 4 text

Why I chose HTTP

Slide 5

Slide 5 text

Evolution of HTTP HTTP/0.9 (1991) HTTP/1.0 (1996) HTTP/1.1 (1997) HTTP/2 (2015) HTTP/3 (2019)

Slide 6

Slide 6 text

Evolution of HTTP HTTP/0.9 (1991) HTTP/1.0 (1996) HTTP/1.1 (1997) HTTP/2 (2015) HTTP/3 (2019) Where are we?

Slide 7

Slide 7 text

No content

Slide 8

Slide 8 text

Review – TCP/IP

Slide 9

Slide 9 text

Review – TCP/IP

Slide 10

Slide 10 text

Review – TCP/IP IP

Slide 11

Slide 11 text

Review – TCP/IP IP

Slide 12

Slide 12 text

Review – TCP/IP TCP IP

Slide 13

Slide 13 text

Review – TCP/IP TCP IP

Slide 14

Slide 14 text

Review – TCP/IP TCP IP

Slide 15

Slide 15 text

Review – TCP/IP TCP IP

Slide 16

Slide 16 text

Review – UDP/IP UDP IP

Slide 17

Slide 17 text

Review – UDP/IP UDP IP

Slide 18

Slide 18 text

Review – TLS 802.11 IP TCP HTTP

Slide 19

Slide 19 text

Review – TLS 802.11 IP TCP HTTPS

Slide 20

Slide 20 text

Review – TLS TLS 1.2

Slide 21

Slide 21 text

Review – TLS TLS 1.2 TLS 1.3

Slide 22

Slide 22 text

HTTP

Slide 23

Slide 23 text

Once Upon a Time

Slide 24

Slide 24 text

Once Upon a Time

Slide 25

Slide 25 text

Once Upon a Time

Slide 26

Slide 26 text

Once Upon a Time

Slide 27

Slide 27 text

Once Upon a Time

Slide 28

Slide 28 text

Once Upon a Time

Slide 29

Slide 29 text

Once Upon a Time TCP/IP

Slide 30

Slide 30 text

Once Upon a Time TCP/IP Server

Slide 31

Slide 31 text

Once Upon a Time TCP/IP Protocol Server Client

Slide 32

Slide 32 text

Once Upon a Time TCP/IP Protocol Server Client

Slide 33

Slide 33 text

Once Upon a Time TCP/IP Protocol Server Client URI URI: Uniform Resource Identifier

Slide 34

Slide 34 text

Once Upon a Time TCP/IP Protocol Server Client URI HTML URI: Uniform Resource Identifier HTML: HyperText Markup Language

Slide 35

Slide 35 text

Once Upon a Time TCP/IP Protocol Server Client URI HTML HTTP URI: Uniform Resource Identifier HTML: Hypertext Markup Language HTTP: Hypertext Transfer Protocol

Slide 36

Slide 36 text

Once Upon a Time TCP/IP Protocol Server Client URI HTML HTTP Sir Tim Berners-Lee the father of the World Wide Web URI: Uniform Resource Identifier HTML: Hypertext Markup Language HTTP: Hypertext Transfer Protocol

Slide 37

Slide 37 text

WorldWideWeb: The First Web Browser

Slide 38

Slide 38 text

WorldWideWeb: The First Web Browser https://worldwideweb.cern.ch/browser/

Slide 39

Slide 39 text

HTTP/0.9 (1991) • The initial version of HTTP • Use 80 port • No version number (later been called 0.9) • Only one method (GET) • No HTTP headers / No error code • Response only contains the HTML file

Slide 40

Slide 40 text

HTTP/0.9 (1991) • The initial version of HTTP • Use 80 port • No version number (later been called 0.9) • Only one method (GET) • No HTTP headers / No error code • Response only contains the HTML file

Slide 41

Slide 41 text

HTTP/0.9 (1991) • The initial version of HTTP • Use 80 port • No version number (later been called 0.9) • Only one method (GET) • No HTTP headers / No error code • Response only contains the HTML file

Slide 42

Slide 42 text

HTTP/1.0 (1996) • Version information is now sent • Status code, HTTP headers, new methods (POST, HEAD) have been introduced

Slide 43

Slide 43 text

HTTP/1.0 (1996) • Version information is now sent • Status code, HTTP headers, new methods (POST, HEAD) have been introduced

Slide 44

Slide 44 text

HTTP/1.0 (1996) • Version information is now sent • Status code, HTTP headers, new methods (POST, HEAD) have been introduced

Slide 45

Slide 45 text

The Problems of HTTP/1.0

Slide 46

Slide 46 text

The Problems of HTTP/1.0

Slide 47

Slide 47 text

The Problems of HTTP/1.0

Slide 48

Slide 48 text

The Problems of HTTP/1.0

Slide 49

Slide 49 text

No content

Slide 50

Slide 50 text

No content

Slide 51

Slide 51 text

HTTP/1.1 (1997) • The first standard • Still in common use • Performance optimizations • A persistent connection (keep-alive) • Chunked responses • compression • Cache control • Feature enhancement • Content negotiation (lang, encoding..) • Server collocation (Host header) • New methods • PUT, DELETE, TRACE, OPTIONS

Slide 52

Slide 52 text

HTTP/1.1 (1997) • The first standard • Still in common use • Performance optimizations • A persistent connection (keep-alive) • Chunked responses • compression • Cache control • Feature enhancement • Content negotiation (lang, encoding..) • Server collocation (Host header) • New methods • PUT, DELETE, TRACE, OPTIONS

Slide 53

Slide 53 text

Persistent Connection (keep-alive)

Slide 54

Slide 54 text

Persistent Connection (keep-alive)

Slide 55

Slide 55 text

Thanks to Keep-Alive header • Pipelining • Send successive request without waiting for the answer over persistent connection • Idempotent methods only (GET, HEAD, PUT, DELETE) • Multiple Connections • Open multiple connections to same host to speed up retrieval of large numbers of objects • Maximum 6 connection for one origin to avoid DoS

Slide 56

Slide 56 text

The Web Environment is Changed cf. Default MSS of Ethernet: 1500 bytes

Slide 57

Slide 57 text

HTTP/1.1 is Slow • Latency sensitive • Head-of-line blocking • Repetitive and redundant Http request headers • Security makes slower

Slide 58

Slide 58 text

The Internet Has Been Getting Faster

Slide 59

Slide 59 text

The Internet Has Been Getting Faster

Slide 60

Slide 60 text

The Internet Has Been Getting Faster

Slide 61

Slide 61 text

The Internet Has Been Getting Faster

Slide 62

Slide 62 text

The Key is “Latency” Bandwidth vs Latency impact on Page Load Time

Slide 63

Slide 63 text

Head-of-Line Blocking (HOL)

Slide 64

Slide 64 text

HTTP Head-of-Line Blocking (keep-alive)

Slide 65

Slide 65 text

HTTP Request Header

Slide 66

Slide 66 text

HTTP Request Header

Slide 67

Slide 67 text

HTTP Request Header

Slide 68

Slide 68 text

Security is too Slow • HTTPS (HTTP over SSL, HTTP over TLS, HTTP Secure) • Use 443 port TCP/IP HTTP Server Client

Slide 69

Slide 69 text

Security is too Slow • HTTPS (HTTP over SSL, HTTP over TLS, HTTP Secure) • Use 443 port TCP/IP TLS Server Client HTTP

Slide 70

Slide 70 text

Security is too Slow • TCP handshake + TLS handshake Exchange HTTP req/res

Slide 71

Slide 71 text

Security is too Slow • TCP handshake + TLS handshake Exchange HTTP req/res

Slide 72

Slide 72 text

No content

Slide 73

Slide 73 text

Reduce the # of Request

Slide 74

Slide 74 text

Spriting

Slide 75

Slide 75 text

Spriting

Slide 76

Slide 76 text

Inlining - Data URI Scheme • Write the image resource in Base64 encoded string to reduce # of request

Slide 77

Slide 77 text

Minify and Merge CSS/Javascript • To reduce file size and # of requests

Slide 78

Slide 78 text

Minify and Merge CSS/Javascript • To reduce file size and # of requests

Slide 79

Slide 79 text

Domain Sharding • Web browser allows several parallel connections for one domain • Split resources over several domains

Slide 80

Slide 80 text

NOT A SOLUTION

Slide 81

Slide 81 text

Text Protocol’s Limitation • Ex) Detect message body length (From rfc7230)

Slide 82

Slide 82 text

Text Protocol’s Limitation • Ex) Detect message body length (From rfc7230)

Slide 83

Slide 83 text

Text Protocol’s Limitation • Ex) Detect message body length (From rfc7230)

Slide 84

Slide 84 text

Text Protocol’s Limitation • Ex) Detect message body length (From rfc7230)

Slide 85

Slide 85 text

Text Protocol’s Limitation • Ex) Detect message body length (From rfc7230)

Slide 86

Slide 86 text

Text Protocol’s Limitation • Ex) Detect message body length (From rfc7230)

Slide 87

Slide 87 text

Text Protocol’s Limitation • Ex) Detect message body length (From rfc7230)

Slide 88

Slide 88 text

Text Protocol’s Limitation • Ex) Detect message body length (From rfc7230)

Slide 89

Slide 89 text

Text Protocol’s Limitation • Ex) Detect message body length (From rfc7230)

Slide 90

Slide 90 text

No content

Slide 91

Slide 91 text

No content

Slide 92

Slide 92 text

No content

Slide 93

Slide 93 text

Security is too Slow

Slide 94

Slide 94 text

Security is not Slow • http://www.httpvshttps.com/

Slide 95

Slide 95 text

Security is not Slow • http://www.httpvshttps.com/

Slide 96

Slide 96 text

Security is not Slow but Fast • http://www.httpvshttps.com/

Slide 97

Slide 97 text

Security is not Slow but Fast Thanks to HTTP/2 • http://www.httpvshttps.com/

Slide 98

Slide 98 text

HTTP/2

Slide 99

Slide 99 text

HTTP/2 (2015) • A protocol for low-latency transport of content over the World Wide Web • Changes • Textual protocols à binary protocols • Head-of-line blocking à multiplexed and prioritized streams • Concurrent multiple TCP connections à one TCP connection • Redundant HTTP Headers -> Header compression with HPACK • Security -> All browers support HTTP/2 only on TLS • Server Push

Slide 100

Slide 100 text

Based on the Experimental SPDY Protocol • SPDY: A deprecated network protocol developed at for transporting web content TCP/IP TLS HTTP/1.1 TCP/IP TLS SPDY HTTP HTTP/1.1 Stack SPDY Stack TCP/IP TLS HTTP/2 HTTP/2 Stack

Slide 101

Slide 101 text

Binary Framing Layer

Slide 102

Slide 102 text

Binary Framing Layer

Slide 103

Slide 103 text

Multiplexed and Prioritized Streams on single TCP con. • Frames can be interleaved • All stream(sequence of frames)s are sent over single TCP connection • Streams have dependencies and weights to calculate the priorities • DATA frames are subject to per-stream and connection flow control

Slide 104

Slide 104 text

One TCP Connection

Slide 105

Slide 105 text

One TCP Connection

Slide 106

Slide 106 text

HPACK Header Compression • Header compression

Slide 107

Slide 107 text

HTTP/2 and TLS • TLS is optional, but major implementations are force TLS • Mozilla Firefox and Google Chrome • Why? • To protect user’s privacy • To avoid the tyranny of the middleboxes • They are upgraded much slower than edges TCP/IP TLS HTTP/2 HTTP/2 Stack

Slide 108

Slide 108 text

Server Push

Slide 109

Slide 109 text

No content

Slide 110

Slide 110 text

How to switch to HTTP/2?

Slide 111

Slide 111 text

Web Browsers are Ready

Slide 112

Slide 112 text

Our Server Already Supports HTTP/2 h2 h2

Slide 113

Slide 113 text

Our Server Already Supports HTTP/2 h2 h2

Slide 114

Slide 114 text

How about Our Clients? • Lockscreen: X • Feed: O • BARO: X S N I

Slide 115

Slide 115 text

How about Others?

Slide 116

Slide 116 text

OkHttp Supports HTTP/2 by Default

Slide 117

Slide 117 text

However

Slide 118

Slide 118 text

iPhone Changes the World

Slide 119

Slide 119 text

Network is Changed

Slide 120

Slide 120 text

HTTP/2 on Mobile Good Poor

Slide 121

Slide 121 text

Packet-Loss: WiFi > Wired Network 1.5% 2.0%

Slide 122

Slide 122 text

TCP is too Old • Introduced in 1974 (45 years old) • Designed to operate in wired network WaveLan (1986) Wi-Fi (1997) become popular 2010~

Slide 123

Slide 123 text

Handover: WiFi ⇄ LTE

Slide 124

Slide 124 text

Handover: From WiFi to LTE

Slide 125

Slide 125 text

TCP on Wireless Network

Slide 126

Slide 126 text

TCP Head-of-Line Blocking

Slide 127

Slide 127 text

No content

Slide 128

Slide 128 text

No content

Slide 129

Slide 129 text

HTTP/1.1 workarounds

Slide 130

Slide 130 text

HTTP/1.1 workarounds HTTP/2

Slide 131

Slide 131 text

HTTP/1.1 workarounds HTTP/2 HTTP/3?

Slide 132

Slide 132 text

HTTP/3

Slide 133

Slide 133 text

QUIC • An experimental transport layer network protocol introduced by in 2012 • TCP + TLS + HTTP/2 over UDP

Slide 134

Slide 134 text

QUIC • An experimental transport layer network protocol introduced by in 2012 • TCP + TLS + HTTP/2 over UDP • Flow Control • Error Control • Congestion Control • In-order delivery per stream

Slide 135

Slide 135 text

QUIC • An experimental transport layer network protocol introduced by in 2012 • TCP + TLS + HTTP/2 over UDP • Flow Control • Error Control • Congestion Control • In-order delivery per stream • To Prevent Ossification (경직화)

Slide 136

Slide 136 text

QUIC • An experimental transport layer network protocol introduced by in 2012 • TCP + TLS + HTTP/2 over UDP • Flow Control • Error Control • Congestion Control • In-order delivery per stream • HTTP • Binary Protocol • Multiplexed Streams • Prioritized Streams • One TCP Connection • Header Compression • HPACK à QPACK • Server Push • To Prevent Ossification (골화)

Slide 137

Slide 137 text

Why UDP? • Middleboxes allow TCP and UDP only • TCP has HOL • To move the transport layer from kernel mode to user mode • make development faster • make adoption and spread faster

Slide 138

Slide 138 text

Minimalized Handshake

Slide 139

Slide 139 text

Multiplexing

Slide 140

Slide 140 text

Handover: Connection Independent of IP Address Connection UUID

Slide 141

Slide 141 text

No content

Slide 142

Slide 142 text

HTTP/3 (2019) HTTP/3

Slide 143

Slide 143 text

QUIC with

Slide 144

Slide 144 text

QUIC with

Slide 145

Slide 145 text

QUIC with

Slide 146

Slide 146 text

Can I use HTTP/3?

Slide 147

Slide 147 text

TLS Library Support

Slide 148

Slide 148 text

Web Browser Support

Slide 149

Slide 149 text

Server Support

Slide 150

Slide 150 text

QUICHE

Slide 151

Slide 151 text

Implementations • IETF QUIC • C • AppleQUIC, f5, lsquic, ngtcp2, ngx_quic, pandora, picoquic, quant, quicly, Winquic • C++ • ats, lsquic, mozquic, mvfst • ETC • Java: kwik, go: minq, quic-go, rust: quiche, quicr, quinn, TypeScript: QUICker • Google QUIC • goquic, libquic, lsquic, quic-go, stellite, caddyserver • https://github.com/quicwg/base-drafts/wiki/Implementations

Slide 152

Slide 152 text

HTTP/3 Challenges • 3-7% something of all QUIC attempts fail • Clients need fall back algorithms • CPU intensive (2x ~ 3x) • Lack of APIs of TLS library (OpenSSL) • ARQ limitation • Automatic Repeat Request à Forward error correction may help

Slide 153

Slide 153 text

Summary • HTTP/0.9 • the first version with one method GET in ASCII over TCP • HTTP/1.0 • Many extensions are adopted • One request per one connection • HTTP/1.1 • The first standard version • Persistent connection improved performance, but brought HTTP HOL • Many workarounds have been made over 18 years • HTTP/2 • Binary multiplexed over TCP resolves HTTP HOL ß SPDY • HTTP/3 • Binary over multiplexed QUIC resolve TCP HOL ß QUIC

Slide 154

Slide 154 text

Advertisement • #dev-news • To share news related to dev, IT, tech etc. without interrupting your works

Slide 155

Slide 155 text

Thank you

Slide 156

Slide 156 text

References • https://http2.github.io/faq • http://www.httpvshttps.com/ • https://css-tricks.com/http2-real-world-performance-test-analysis/ • http://americanopeople.tistory.com/115 • https://hpbn.co/http1x/#concatenation-and-spriting • https://daniel.haxx.se/http2/ • https://daniel.haxx.se/http3-explained/ • https://developer.mozilla.org/en- US/docs/Web/HTTP/Basics_of_HTTP/Evolution_of_HTTP • https://youtu.be/21eFwbb48sE

Slide 157

Slide 157 text

References • https://stackoverflow.com/questions/393407/why-http-protocol-is- designed-in-plain-text-way • http://faculty.georgetown.edu/irvinem/theory/Berners-Lee-HTTP- proposal.pdf • http://info.cern.ch/hypertext/WWW/TheProject.html • HTTP/1.1: https://tools.ietf.org/html/rfc2068 • HTTP Over TLS: https://tools.ietf.org/html/rfc2818 • https://johngrib.github.io/wiki/why-http-80-https-443/ • https://httparchive.org/reports/state-of-the-web#h2 • https://medium.com/@DarkDrag0nite/how-http-2-reduces-server-cpu- and-bandwidth-10dbb8458feb

Slide 158

Slide 158 text

References • https://medium.com/platform-engineer/evolution-of-http-69cfe6531ba0 • https://www.popit.kr/%EB%82%98%EB%A7%8C- %EB%AA%A8%EB%A5%B4%EA%B3%A0-%EC%9E%88%EB%8D%98- http2/ • https://cs291.com/slides/2017/14_http2_quic • https://learning.linkedin.com/blog/tech-tips/why-encrypting-your- website-is-now-something-you-need-to-do • https://d2.naver.com/helloworld/140351 • https://developers.google.com/web/fundamentals/performance/http2/?h l=ko • https://royal.pingdom.com/http2-new-protocol/

Slide 159

Slide 159 text

References • https://docs.google.com/presentation/d/1r7QXGYOLCh4fcUq0jDdDwKJW NqWK1o4xMtYpKZCJYjM/present?slide=id.p19 • https://hpbn.co/http1x/ • Jeffrey Erman, et al., Towards a SPDY’ier Mobile Web?, 2013 • https://cloudplatform.googleblog.com/2018/06/Introducing-QUIC- support-for-HTTPS-load-balancing.html • https://deview.kr/2016/schedule#session/178 • https://www.youtube.com/watch?v=3c3Rt6QbHDw • https://www.slideshare.net/shigeki_ohtsu/quic-overview • https://daniel.haxx.se/blog/2019/01/21/quic-and-missing-apis/ • New applications above QUIC

Slide 160

Slide 160 text

References • HTTP/3 is the next coming HTTP version • https://blog.erratasec.com/2018/11/some-notes-about-http3.html • https://blog.codavel.com/2018/09/17/quic-vs-tcptls-and-why-quic-is- not-the-next-big-thing • QUIC: in Theory and Practice - Robin Marx | DeltaV 2018 • https://blog.codavel.com/2018/09/17/quic-vs-tcptls-and-why-quic-is- not-the-next-big-thing • https://github.com/quicwg • https://github.com/quicwg/base-drafts/wiki/Implementations