HTTP2 for the web developer

Slide 1

Slide 1 text

Slide 2

Slide 2 text

Slide 3

Slide 3 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Too Long; Didn’t Attend 1. HTTP/2 is about solving latency issues,  but also introduces features with new possibilities  2.It retains the semantics of HTTP 1.1,  but dev + ops need to evolve  3. Server Push & Stream prioritization  are more complex than one might think  4. Support is on its way, adoption rate is great,  but still questions on deployment options & implementations 3

Slide 4

Slide 4 text

Slide 5

Slide 5 text

Slide 6

Slide 6 text

Slide 7

Slide 7 text

Slide 8

Slide 8 text

Slide 9

Slide 9 text

Slide 10

Slide 10 text

Slide 11

Slide 11 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ HTTP usage: reality check • > 18 domains  • Max 50 req / domain 11 Source: http://httparchive.org/trends.php

Slide 12

Slide 12 text

Slide 13

Slide 13 text

Slide 14

Slide 14 text

Slide 15

Slide 15 text

Slide 16

Slide 16 text

Slide 17

Slide 17 text

Slide 18

Slide 18 text

Slide 19

Slide 19 text

Slide 20

Slide 20 text

Slide 21

Slide 21 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Streams 21 Client Server Stream: 3  HEADERS Stream: 5  HEADERS Stream: 5  DATA Stream: 3  HEADERS Stream: 3  DATA Stream: 5  HEADERS Stream: 3  DATA

Slide 22

Slide 22 text

Slide 23

Slide 23 text

Slide 24

Slide 24 text

Slide 25

Slide 25 text

Slide 26

Slide 26 text

Slide 27

Slide 27 text

Slide 28

Slide 28 text

Slide 29

Slide 29 text

Slide 30

Slide 30 text

Slide 31

Slide 31 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ SSL Keylog file content 31 CLIENT_RANDOM <64 bytes of hex encoded client_random>   <96 bytes of hex encoded master secret>

Slide 32

Slide 32 text

Slide 33

Slide 33 text

Slide 34

Slide 34 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Server implementations (native) • Apache Traffic Server • Nginx (alpha patch) • apache httpd (mod_h2) • h2o • nghttp2.org 34

Slide 35

Slide 35 text

Slide 36

Slide 36 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Application Layer Protocol Negotiation • protocol negotiation in TLS handshake  • formerly NPN  • vs. protocol Upgrade in HTTP 1.1  • your SSL/TLS implementation must support it 36

Slide 37

Slide 37 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ ALPN and JDK support • JDK6 only supports TLSv1 • JDK7 supports TLSv1.2 • JDK8 supports TLSv1.2 (default) • JDK9 will support ALPN • Note: JSSE ciphers support… 37 Source: https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https

Slide 38

Slide 38 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ ALPN support with JDK7 and JDK8 • using jetty-alpn.jar  • overrides sun.security.ssl.{ClientHandshaker,ServerHandshaker}  • java -Xbootclasspath/p: …  • jar version compatibility check with JDK version 38 Source: https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https

Slide 39

Slide 39 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ JDK9 improvements • ALPN support (work in progress) • cipher updates • HTTP/2 Client • replace HTTPUrlConnection • async notifications on headers, body, server push… • CompletableFuture and lambdas 39 JEP 110: https://bugs.openjdk.java.net/browse/JDK-8042950

Slide 40

Slide 40 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Servlet 4.0 • Servlet 3.1 shipped with async IO  • Supporting http/2 additional capabilities  (stream prioritization & server push APIs) • Considering Reactive Streams support and java.util.concurrent.Flow 40 Source: https://java.net/projects/servlet-spec/lists/jsr369-experts/archive/2015-08/message/1

Slide 41

Slide 41 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Reactive Streams • reactive-streams.org • « Asynchronous stream with non-blocking back-pressure » 41 « Introduction to Reactive Programming »  Stephane Maldini, Rossen Stoyanchev  10:30 AM today!

Slide 42

Slide 42 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ HTTP/2 Flow Control 42 Client Server Stream: 5  HEADERS Stream: 5  DATA Stream: 5  DATA Stream: 5  WINDOW_UPDATE  xx octets

Slide 43

Slide 43 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Differentiating features • IO & programming model • Optional features in HTTP/2 • Server Push • Stream prioritization • Proxy capacities 43

Slide 44

Slide 44 text

Slide 45

Slide 45 text

Slide 46

Slide 46 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ HTTP/2 responses in global traffic (Firefox 40) 46 Source: telemetry.mozilla.org SSL 48 % cleartext 52 % 1 % h2 14 % http 1.1 85 %

Slide 47

Slide 47 text

Slide 48

Slide 48 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Step 1: Improve TCP support on servers • Upgrade Linux kernels to 3.2+ • Set Initial Congestion Window to 10 segments  • TCP Fast Open support  • Proportional Rate Reduction 48

Slide 49

Slide 49 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Step 2: Enforce HTTP 1.1 best practices • Cache-Control and ETag headers • gzip/deflate  • image compression / media queries  • get ready to remove HTTP 1.1 workarounds 49

Slide 50

Slide 50 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Step 3: Assess your infrastructure • Compatible with long-lived/single connections? • Failover strategies, proxies/load balancers compatible?  • Network devices/software relying on HTTP 1.1 cleartext ?  • monitoring tools, custom metrics, etc 50

Slide 51

Slide 51 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Step 4: Secure your application with TLS • New requirements for certificates: SHA256 RSA, 2048bits • TLS v1.2 (limited list of ciphers)  • h2c won’t really help here  • letsencrypt.org 51

Slide 52

Slide 52 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Step 5: Undo HTTP1.1 workarounds? • Most of those are harmful when applied to HTTP/2 • What about supporting both HTTP 1.1 & HTTP/2 52

Slide 53

Slide 53 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Step 6: Update your development toolset • Web developer tools, Wireshark, NSSKeyLog • Test your app with latency! 53

Slide 54

Slide 54 text

Slide 55

Slide 55 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Push_Promise 55 Client Server Stream: 5  HEADERS  GET /resource Stream: 5  PUSH_PROMISE  Promised Stream: 8  GET /other Stream: 8  DATA Stream: 5  HEADERS Stream: 8  HEADERS

Slide 56

Slide 56 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ HTTP/2 Server Push // Latency solved! Off to the pub!  @HttpPush("/*.css", "/*.js") public void myControllerHandler() { // Some code here } 56

Slide 57

Slide 57 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Push_Promise: already cached! 57 Client Server Stream: 8  RST_STREAM  CANCEL Stream: 5  PUSH_PROMISE  Promised Stream: 8  GET /other Stream: 8  HEADERS Stream: 5  PUSH_PROMISE  Promised Stream: 9  GET /something Stream: 9  RST_STREAM  CANCEL

Slide 58

Slide 58 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Push Promise: order of frames « The server SHOULD send PUSH_PROMISE (Section 6.6) frames prior to sending any frames that reference the promised responses. This avoids a race where clients issue requests prior to receiving any PUSH_PROMISE frames. » 58 Source: https://httpwg.github.io/specs/rfc7540.html#rfc.section.8.2.1.p.1

Slide 59

Slide 59 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Push_Promise: order of frames 59 Client Server Stream: 5  HEADERS  GET /index Stream: 5  PUSH_PROMISE  Promised Stream: 8  GET /main.css Stream: 5  DATA Stream: 5  HEADERS Stream: 11  HEADERS  GET /main.css Duplicate!?!

Slide 60

Slide 60 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Server push; code example @Override public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { // Pushing resources here chain.doFilter(req, resp); // Too late? } 60

Slide 61

Slide 61 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Jetty PushCacheFilter • Use the « Referer » HTTP header • Maintain a Map of page -> List of resources • Automatically pushing associated resources • Limits? 61

Slide 62

Slide 62 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Is pushing everything really efficient? • Only when page loaded with empty cache? • Resources already cached? • All pushed resources necessary for initial render?  Or app ready to be used? • Maintain the list of resources to push manually? • Aren’t we denying all browser heuristics? 62

Slide 63

Slide 63 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ So what do we need? • Private browser info: cache state, CPU, battery • Knowledge of Browser internals (layout, painting?) • Could we have priority information for each resource? 63

Slide 64

Slide 64 text

Slide 65

Slide 65 text

Slide 66

Slide 66 text

Slide 67

Slide 67 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Firefox 67 Fake streams Real streams Stream 0 S3;W200  « leader » S5;W100  « other » S7;W0 « background » SB;W1 « followers » html, js, css  streams images  streams XHR, async JS  streams Beacons  streams

Slide 68

Slide 68 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Chromium (SPDY leftovers) 68 Fake streams Real streams Sources: http://blog.kazuhooku.com/2015/04/dependency-based-prioritization-makes.html   https://code.google.com/p/chromium/issues/detail?id=500673 Stream 0 html streams W256 css streams  W220 images streams  W110 script streams  W183

Slide 69

Slide 69 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Is this enough? • Is there a way to manually set a priority on a resource?  • So HTTP/2 Server Push is the only mechanism to improve latency? • This works only for our own resources, what about 3rd party resources like fonts, JavaScript libraries? 69

Slide 70

Slide 70 text

Slide 71

Slide 71 text

Slide 72

Slide 72 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Resource Hints: a W3C draft Assisting User Agents in their decision process of fetching resources.  http://w3c.github.io/resource-hints/ 72

Slide 73

Slide 73 text

Slide 74

Slide 74 text

Slide 75

Slide 75 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Resource Hints, HTTP headers Link: ; rel=dns-‐prefetch Link: ; rel=preconnect Link: ; rel=prefetch Link: ; rel=prerender 75

Slide 76

Slide 76 text

Slide 77

Slide 77 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Resource Hints browser support Link: ; rel=dns-‐prefetch Link: ; rel=preconnect Link: ; rel=prefetch Link: ; rel=prerender 77

Slide 78

Slide 78 text

Slide 79

Slide 79 text

Slide 80

Slide 80 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Performance: combining strategies is the key We need to consider:  • Server implementation • Browser capabilities • HTTP/2 features • front-end « optimization » • Hosting Infrastructure 80

Slide 81

Slide 81 text

Slide 82

Slide 82 text

Slide 83

Slide 83 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Packaging your app with ALPN • Snowflakes in production? • Repeatable staging • Runtime support with Cloud Foundry buildpacks? 83

Slide 84

Slide 84 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Distributing secrets… Making certs+keys available in a distributed environment:  • Spring Cloud Config server? • Tools for managing secrets (Vault?) 84

Slide 85

Slide 85 text

Slide 86

Slide 86 text

Slide 87

Slide 87 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Microservices: a perfect match! Use case:  • request/response • REST + JSON • RPC (protobuf, hessian) • Low latency • secure 87

Slide 88

Slide 88 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ HAL + Server Push {  ... "_links": { "self": { "href": "/issue/123456" }, "assigned": { "href": "/user/bclozel" } } } 88 Push this resource?

Slide 89

Slide 89 text

Slide 90

Slide 90 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ 90 Enjoy SpringOne2GX! Don’t miss « Introduction to Reactive Programming » - 10:30AM, this room Learn More. Stay Connected. @springcentral Spring.io/video

Slide 91

Slide 91 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Safe Harbor Statement The following is intended to outline the general direction of Pivotal's offerings. It is intended for information purposes only and may not be incorporated into any contract. Any information regarding pre-release of Pivotal offerings, future updates or other planned modifications is subject to ongoing evaluation by Pivotal and is subject to change. This information is provided without warranty or any kind, express or implied, and is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions regarding Pivotal's offerings. These purchasing decisions should only be based on features currently available. The development, release, and timing of any features or functionality described for Pivotal's offerings in this presentation remain at the sole discretion of Pivotal. Pivotal has no obligation to update forward looking information in this presentation. 91