HTTP/2 - The future of the Web today (NDC Sydney 2017)

HTTP/2
the future of the web today
@robdcrowley | robdcrowley
https://www.flickr.com/photos/79909830@N04/15599391872

View Slide

Slides are available at
https://bit.ly/ndcsydney-http2

View Slide

Goals for the session
- Explore the evolution of HTTP from a simple one line protocol to
being the rich full featured one we know.
- Look at the motivations for HTTP/2 and investigate its major
features.
- Take an in depth look at Server Push, one of the key new HTTP/2
features and the current browser support.
- Most of all, encourage you all learn more about HTTP/2 and
migrate your applications across to leverage it

View Slide

HTTP is the foundation of data communication for
the World Wide Web.

View Slide

Internet Protocol Stack
Network
Access
IP
TCP UDP
DNS, TFTP etc.
Application Layer
Network Layer
Internet Layer
Transport Layer
HTTP
, FTP etc.

View Slide

Internet Protocol Stack
Network
Access
IP
TCP UDP
DNS, TFTP etc.
Application Layer
Network Layer
Internet Layer
Transport Layer
Network
Access
IP
TCP
HTTP
, FTP etc.
HTTP
, FTP etc.

View Slide

TCP/IP vs OSI
7. Application
6. Presentation
5. Session
4. Transport
3. Network
2. Data Link
1. Physical
Network Access
Internet
Transport
Application
OSI
TCP/IP

View Slide

Network Performance 101
Cable ISP ISP Ethernet
…
WIFI
Latency: The time from the source sending a packet to the destination receiving it.
Bandwidth: Maximum throughput of a logical or physical communication path.

View Slide

1990
HTTP/0.9
The abridged history of HTTP

View Slide

HTTP/0.9 was the ultimate MVP

View Slide

> telnet example.com 80
connected to 74.128.xxx.xxx
GET /about/
(hypertext response)
(connection closed)

View Slide

1996
HTTP/1.0

View Slide

1996
HTTP/1.0
Adhoc
Changes

View Slide

“This HTTP thing is really taking off. We should
catalog all the de facto standard protocol
extensions that been adopted.”

View Slide

HTTP/1.0 was not a standard but rather a compilation
of best practices that had emerged.

View Slide

1999
HTTP/1.1

View Slide

HTTP/1.1 was a massive success.

View Slide

Connection: Keep-Alive provided the much needed
ability to persist TCP connections across requests.

View Slide

Pipelining never gained widespread support,
largely due to implementation complexity.

View Slide

We are now going to travel back through time to
1999 when the web was a simpler place.

View Slide

http://web.archive.org/web/19990508070818/http://www3.yahoo.com:80/

View Slide

http://web.archive.org/web/19990508070818/http://www3.yahoo.com:80/
This is the era when ruled page layouts

View Slide

http://web.archive.org/web/19990117032727/http://www.google.com:80/

View Slide

So what precipitated the need for a new version of
HTTP?

View Slide

1999
HTTP/1.1

View Slide

1999
HTTP/1.1
Rob’s first
website

View Slide

1999
HTTP/1.1
Rob’s first
website
2004
“Web 2.0”

View Slide

Web page weight gain
700 kB
80
3284 kB
108
# requests
page size
2010 2017

View Slide

TCP is optimized for long flows…
…web pages typically have many short ones

View Slide

“For HTTP/1 74% of our active connections carry just
a single transaction - persistent connections just
aren't as helpful as we all want.”
- Patrick McManus, Mozilla

View Slide

“You don't have to be an engineer to be a racing driver,
but you do have to have mechanical sympathy.”
- Jackie Stewart

View Slide

Issues with HTTP/1.x
Head-of-line
Blocking
Lack of
Parallelism
Protocol
Overhead

View Slide

Only one request can be outstanding on a connection
at any point in time
Image via https://www.flickr.com/photos/ivoposthumus/8385430378

View Slide

Head of line blocking
Slow Response

View Slide

Poor bandwidth utilization
Processing request
Processing request
Network idle
Network idle

View Slide

:authority: www.bankwest.com.au
:method: GET
:path: /etc/clientlibs/dtm/bw-dtm-config/af27f6333b4c7c76398b2602be76dbf96
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.8
cache-control: no-cache
cookie: JSESSIONID=BE056DF42B8A33245443C18C6BDD83DE; AWSELB=D739253506AB16
4225E86F8ADB10064C84FD43D1730B9B017999C004025758CEC0F5F93E55CB1934783B2FF7
670F03C545EDCB976AF90500354D65C74362F403; AMCVS_C7671CFE532E6D320A490D45%4
AdobeOrg=1; s_vnum=1505269579970%26vn%3D1; existingSession=true; s_ppvl=bw
credit-cards%253Acompare-business-credit-cards%253Amastercard-low-rate%2C3
user-agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWe
Headers are sent on every request

View Slide

:authority: www.bankwest.com.au
:method: GET
:path: /etc/clientlibs/dtm/bw-dtm-config/af27f6333b4c7c76398b2602be76dbf96
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.8
cache-control: no-cache
cookie: JSESSIONID=BE056DF42B8A33245443C18C6BDD83DE; AWSELB=D739253506AB16
4225E86F8ADB10064C84FD43D1730B9B017999C004025758CEC0F5F93E55CB1934783B2FF7
670F03C545EDCB976AF90500354D65C74362F403; AMCVS_C7671CFE532E6D320A490D45%4
AdobeOrg=1; s_vnum=1505269579970%26vn%3D1; existingSession=true; s_ppvl=bw
credit-cards%253Acompare-business-credit-cards%253Amastercard-low-rate%2C3
user-agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWe
Headers are sent on every request
A lot of duplicate data is transferred uncompressed across the wire.

View Slide

We have hacked out HTTP1/x best practices
https://www.flickr.com/photos/canadianveggie/6774413477

View Slide

Domain Sharding

View Slide

Domain Sharding
static1.example.com
static2.example.com
static3.example.com
Modern browsers will open at most 6 concurrent connections to any single origin.
Sharding requests across multiple domains allows us to overcome this limitation.
This comes at a cost however….

View Slide

The cost of establishing a connection
SYN
SYN ACK
ACK
Client Hello
Server Hello
Certificate
Server Hello Done
Client Key Exchange
Change Cipher Spec
Finished
Change Cipher Spec
Finished

View Slide

…and we’re not done yet. TCP starts slowly.
GET /me.webp 10 x TCP Packet
10 x ACK
14600 bytes
20 x TCP Packet
29200 bytes
20 x ACK
6 x TCP Packet
7400 bytes
6 x ACK
Size = 50Kb
Initial cwnd = 10

View Slide

Image via https://www.flickr.com/photos/volvob12b/8096363022
Increases risk of network congestion and packet loss

View Slide

Ensure page level optimizations align with
any overarching Quality of Service (QoS) policy.

View Slide

Image Sprites

View Slide

To get just one sprite, the browser
must download and decode the
entire image.
Likewise if just one sprite changes
the entire cached image on the
client is invalidated.
We are trading cache efficiency for
reduced network requests.

View Slide

Resource Concatenation
Image via https://www.flickr.com/photos/samcatchesides/3326878608

View Slide

JavaScript and CSS bundles
{ } { } { }
{ }
{;} {;} {;}
{;}
bundle.css bundle.js

View Slide

{ } { } { }
{ }
{;} {;} {;}
{;}
X

View Slide

{ } { } { }
{ }
{;} {;} {;}
{;}
When just one resource changes the entire cached bundle is invalidated
X
X

View Slide

Resource Inlining
Image via https://www.flickr.com/photos/backpackphotography/2318062662

View Slide

Above the fold CSS is a good
candidate to be inlined.

View Slide

url(data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEAkACQAAD/4QBGRXhpZgAATU0AKgAAAAgABAESAAMAAAABAAEAAFEQ
AAEAAAABAQAAAFERAAQAAAABAAAAAFESAAQAAAABAAAAAAAAAAD/2wBDAAIBAQIBAQICAgICAgICAwUDAwMDAwYEBA
MFBwYHBwcGBwcICQsJCAgKCAcHCg0KCgsMDAwMBwkODw0MDgsMDAz/2wBDAQICAgMDAwYDAwYMCAcIDAwMDAwMD
AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz/wAARCAAPAEADASIAAhEB
AxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUE
GE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dn
d4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8
QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcR
MiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl
6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6
/9oADAMBAAIRAxEAPwD9NvHHinxZrHxD+Iws/GGuabH4evN1vANRaG32vdLDsJLAIo3gj6Y71zd7rXxU037YLjxB4khk08sLlG1k7
oQs4tyxAf7olIXPcHcMr81d/wDE79nD4gJ8SfFlzoumWGraP4mnE0vmXEaCVPMEwjYM6su2RQcqedo5wSKqXfwk+Mmo2V1Dd
aFpt19u877RI9xbrJMZZ0nYkrIBkPGmCAMKAvQKB/KeYZRmssRWVWli1JOpZwU3GT9pNxfVW5XCzjpZPTZv95weYYGNGm6c8O
4tQupOKklyRTXR35lK9+680uesP+FlR3t9DqXirxLatbWepSxiDVjcl7iyjDvAwSQ4PKj/AIEMZwRVDRtS+KniK4WGx8R69dyNfNpoW
PXMn7QsLzGP7/Xy43OehKFQSwIrsJfhL8Zpbm4m/sSxjmupL2V5I7yFGV7xVWdlIlypIVcEfdxkYNQn4MfGRPEF9qUOj2drc6lc2t5
d+Tc2yJcTWziSORl343bxuYj7xLE5yc41Mpx14pUcdyqWuk+Zx5V1ta/MrbaRd9WrPSOYYazbqYW9tNYWTv2ve3Lrvq1bS91ymlal
8WNctLOez1zxNcR3+z7OV1Zv3gaWOEHlxgCWREOcbW3A42ttgv8Axb8QNM8Fza1P401pYodQTTfIGqymbzDD5pyM/LtBUFT8
wJYEKVOemn/Z6+LF7pNnZ3fh3T74afNNPbzT3Nu00ZmcySDcJBkNIS+SNyknaVBIqbxN8CvjB4w0aex1HRba6hnuIbovJewPMsk
UAgU+Y0pZiY1AYuWJIznJOeOeT5t7GThSxvPy6XVS3Ny63slZKWi1ldWbtqjphmGB9olOpheW+tnC/Lfzbu3HfRWd0r6MzfBuv+N
fiJ4kmtofF3iq3jtrG1ncw3kzfet48njPO9gTnAwXYn5cHpNB1zxp8NPjJ4St7rxPr2p2esan9ilivppJImi3JGeH43bvNII52pG3G8qMe2
/Zh+Jfh7xPZatp+iW7TRWkUeGvYMxsLcQOp+fvhiCCcqwzyWUaHg79nL4iv8ZdA8QaxosMcVnf20tzKt5A22KNwegfJCqAqgDhV
Uc459jLsLnUPZwlhsT7b2yfP+95VDnTv2tbRp9Nb9DzMZVy6fNKNeh7L2T933L83K1bve+qffS3U//Z)
We also inline using DataURIs…
…resulting in larger downloads
and overriding browser priorities

View Slide

These best practices create a tension...
…between development and production

View Slide

Build tools help address this impedance mismatch

View Slide

The cost of such tooling is managing the added complexity

View Slide

2009
SPDY

View Slide

Latency is the new bottleneck
https://www.belshe.com/2010/05/24/more-bandwidth-doesnt-matter-much/

View Slide

Latency is the new bottleneck
https://www.belshe.com/2010/05/24/more-bandwidth-doesnt-matter-much/
In many scenarios latency, not bandwidth, is the constraining
factor on network performance.

View Slide

2015
HTTP/2

View Slide

HTTP/2 is a protocol designed for low-latency
transport of content over the World Wide Web

View Slide

Adoption is rising with 16.2% of websites now
leveraging HTTP/2 *
* source: https://w3techs.com (2017-09-15)

View Slide

HTTP/2 respects existing HTTP semantics.
Not breaking the web is a good idea.

View Slide

With HTTP/2 all communication occurs over a
single TCP connection per origin.

View Slide

HTTP/2 Binary Framing
POST /products HTTP/1.1
Content-Type: application/json
Content-Length: 21
HTTP/1.1 HTTP/2
DATA frame (payload)
HEADERS frame (meta-data)
{
“name”: “Hero Saver”
}

View Slide

HTTP/2 Binary Framing
Client Server
HTTP/2 Connection
Stream 1
DATA
Stream 2
HEADERS
Stream 2
DATA
Stream 1
DATA
Stream 2
DATA
Stream 5
DATA
Stream 4
DATA
Multiplexing is possible as frames can be interleaved

View Slide

Better bandwidth utilization
As request streams can be multiplexed the client no longer needs to queue requests.

View Slide

Only 25% of HTTP/2 connections carry a single
transaction.

View Slide

With the efficiency that streams bring we are finally in a
position to maximise the benefit of HTTP caching.

View Slide

With HTTP/2 the browser relies on the server to deliver
data in an optimal way.

View Slide

Stream Prioritization
With HTTP/1.x the browser defines
the priority.
With HTTP/2 the browser hints the
priority via stream weights and
dependencies.
The server is not obligated to respect
these hints.
*
id:A
w:1
id:B
w:4
id:C
w:4
id:D
w:8
id:E
w:2

View Slide

HTTPS/2
Image via https://www.flickr.com/photos/sugarhiccuphiccup/4617472996

View Slide

The Internet is strewn with middle-box debris
Image via https://www.flickr.com/photos/usfwspacific/33882304895

View Slide

Middle-box debris
Client Server
A lot of middle-boxes on the internet assume HTTP would never change.
They expect text based traffic over port 80 and HTTP/2 binary data causes
interoperability issues, mostly resulting in termination of the connection.
In trials, between 20-30% of HTTP/2 traffic over port 80 was affected.
Firewall WAN Optimizer IDS NAT
X

View Slide

When served over HTTP/2 over TLS, version 1.2 or
higher must be used along with perfect forward
secrecy cypher suites.

View Slide

HTTPS adoption more than doubled in 2016 and now
accounts for more than 50% of traffic on the web.

View Slide

For many sites, deploying HTTPS will be the
most difficult part of migrating to HTTP/2.

View Slide

Protocol negotiation with ALPN (RFC 7301)
Client Hello ( ALPN Extension + List of Protocols )
Server Hello ( ALPN Extension + Selected Protocol )
ALPN performs the equivalent function that Next Protocol
Negotiation (NPN) did in SPDY.

View Slide

Header Compression via HPACK
https://www.flickr.com/photos/23119666@N03/16159122789

View Slide

HPACK (RFC 7541)
Techniques
▪ Index value for common header/values
▪ Indexed list of previously sent headers
▪ Huffman encoding to compress value
Static Table
▪ Predefined common headers/values
Dynamic Table
▪ Maximum size

View Slide

192.168.10.101
192.168.10.101
https://www.example.com
https://www.cnd.example.com
Connection Coalescing
A TCP connection will be reused
between two origins if:
▪ The origins resolve to the same
server IP address.
▪ The origins are covered by the
same TLS certificate.

View Slide

Mitigating latency is fine but they should have fixed

View Slide

“HTTP/2 isn’t magic Web performance pixie dust; you
can’t drop it in and expect your page load times to
decrease by 50%.”
- Mark Nottingham

View Slide

SERVER
Image via https://www.flickr.com/photos/mryipyop/1673801831/

View Slide

Server Push
Processing request

View Slide

Server Push
Processing request
Client can reject
push promise via
RST_STREAM

View Slide

A client may choose to opt out of Server Push via
SETTINGS frame.

View Slide

HTTP/2 push is a low-level networking feature, its
available to anything that uses the networking stack.

View Slide

Server Push
Page
Service
Worker
HTTP
Cache
Server
Push
Cache
HTTP/2
Connection
An item can only be read from the push cache once.
The push cache has the lowest priority. If a matching item is found in an upstream
cache, then the value in the push cache will not be used.

View Slide

If the connection is closed then it’s push cache is
also lost.

View Slide

Requests without credentials use a separate
connection. Handling these scenarios are key.
fetch(url, {credentials: 'include'});

View Slide

Browser support is well…inconsistent

View Slide

Use User-Agent sniffing to only push resources to
particular browsers.

View Slide

A bad server push strategy will perform worse
than not supporting it at all.
Caveat Emptor

View Slide

“An interesting observation about network-based
applications is that the best application performance is
obtained by not using the network.”
- Roy Fielding

View Slide

Cache Digest will allow clients to inform the server of
the resources they already have.

View Slide

So now we have Server Push do we need
or
anymore?

View Slide

Good ideas with both HTTP/1.x and HTTP/2
Image via https://www.flickr.com/photos/lloydcrew/3263012874

View Slide

Minimize DNS lookups
Requests are blocked by unresolved names

View Slide

Reuse existing TCP connections
Establishing a connection is expensive

View Slide

Minimize number of HTTP redirects

View Slide

Minimize data sent across the network through
removing waste and effective caching

View Slide

Use a CDN to reduce latency including uncached
origin fetches

View Slide

https://www.flickr.com/photos/rowenaoscura/8937849314
Tools to make your HTTP/2 life easier

View Slide

chrome://net-internals

View Slide

webpagetest

View Slide

wireshark

View Slide

QUIC

View Slide

Serving HTTP/2 over TCP removes head-of-line
blocking at the application layer but not the
transport layer.

View Slide

QUIC
- A key goal of QUIC is reduce
TLS handshake overhead.
- 0 RTT for resuming session
- 1 RTT for new session
- Head-of-line blocking is
eliminated at the transport
layer.
IP
UDP
QUIC
HTTP/2 API

View Slide

So now you know HTTP/2, go try it out.

View Slide

Questions
https://www.flickr.com/photos/abulic_monkey/1802610068

View Slide

HTTP/2 - The future of the Web today (NDC Sydney 2017)

HTTP/2 - The future of the Web today (NDC Sydney 2017)

Rob Crowley

More Decks by Rob Crowley

Other Decks in Programming

Featured

Transcript