High-Performance iOS Networking

Transcript

1. High Performance iOS Networking @smithclay · New Relic UIKonf ·

   23 May 2016 · Berlin

2. This talk: tech notes • iOS 9 only (changes in

   iOS 10?) • NSURLSession is assumed (AFNetworking 2.0+) • Not about the absence of a network connection. • No code—focus on the network layer and server-side. Don't block the main thread.

3. Your App Backend HTTP(S) Vintage client—server

4. Your App Authentication Messaging Dynamic Content Analytics Advertising HTTP 2016

   reality:

5. c Max speed limit

6. Full TCP handshake Device Server 1. SYN 2. SYN/ACK 3.

   ACK Data { Round trip {

7. San Francisco 9142 km Singapore 16093 km Latency

8. How do we reduce network latency?

9. TCP Fast Open http://static.googleusercontent.com/media/research.google.com/en//pubs/archive/37517.pdf https://datatracker.ietf.org/doc/rfc7413/

10. TCP handshake + TFO Device Server 1. SYN 2. SYN/ACK+cookie

    3. ACK Data { Round trip {

11. TCP handshake, #2 Request Device Server 1. SYN+cookie 2. SYN/ACK+data

    { Round trip

12. TCP Fast Open Guide • Only for idempotent data (HTTP

    GET) • Needs Linux Kernel v4.1 • https://developer.apple.com/videos/play/ wwdc2015/719/ • http://devstreaming.apple.com/videos/wwdc/ 2015/719ui2k57m/ 719/719_your_app_and_next_generation_net works.pdf?dl=1 (Implementation details)

13. Does it work with NSURLSession? No :(

14. Transport Layer Security (TLS)

15. App Transport Security nscurl --ats- diagnostics <url> TLS 1.2, Strong

    certificates

16. Full TCP + TLS handshake Device Server Data Transfer {

    Round trip 1. SYN 2. SYN/ACK 3. ACK { { TLS, +2 RTTs Cool demo (browser-based): https://tls.openmirage.org/

17. Use a CDN if possible TLS tuning for iOS (server-side)

    Reduce RTTs (False start, session resumption) Coming soon (?): TLS 1.3 Visit istlsfastyet.com https://developer.apple.com/library/ios/qa/qa1727/_index.html

18. HTTP/2

19. None

20. TCP Multiplexing in HTTP/2 Device Server* Connection closes Connection opens

    https://blog.newrelic.com/2016/02/09/http2-best-practices-web-performance/ *TLS Required

21. Nice H2 features Header Compression (HPACK) Server Push (not supported

    on iOS... yet) Stream Priorities (not supported on iOS)

22. HTTP/2 backend support? https://tools.keycdn.com/http2-test openssl s_client -alpn h2 -connect google.com:443

    | grep ALPN · https://blog.newrelic.com/2016/02/17/http2-production/ * OpenSSL 1.0.2g or greater needed *

23. Use a CDN (shortcut) H2 implementation tips Consider server-side TCP

    tuning (initcwnd) Use keep-alive for HTTP 1.1 clients Measure before + after https://tools.ietf.org/html/draft-stenberg-httpbis-tcp-00

24. Caching with NSURLSession

25. Use the Cache-Control header • NSURLRequestUseProtocolCachePolicy (default policy for NSURLSession)

    observes the protocol spec. • Cache-Control: max-age=<seconds>, public http://nshipster.com/nsurlcache/ https://tools.ietf.org/html/rfc7234

26. The ETag Header Device Server 200 OK Last-Modified: Mon, 22

    ETag: ad87... GET /fave-cats.json https://en.wikipedia.org/wiki/HTTP_ETag GET /fave-cats.json If-None-Matched: ad87.. 304 Not Modified

27. Debugging

28. CFNETWORK_DIAGNOSTICS https://developer.apple.com/library/ios/qa/qa1887/_index.html

29. Example log

30. Remote Virtual Interface • rvictl creates an interface for packet

    capture tools (i.e. wireshark) • Device must be plugged in using USB https://developer.apple.com/library/mac/qa/qa1176/_index.html http://useyourloaf.com/blog/remote-packet-capture-for-ios-devices/

31. Wireshark setup Download: http://wireshark.com/

32. ...see all the packets

33. Instruments: Network Must test on a real device.

34. Meh. Must test on a real device.

35. HTTP Proxies • mitmproxy: mitmproxy.org (0.16 supports HTTP/2!) • charlesproxy.com/Fiddler

    (Nice UI, paid, no HTTP/2 support yet) http://jasdev.me/intercepting-ios-traffic

36. mitmproxy: install notes 1.El Capitan python issues: use brew install

    python 2. For simulator, must set proxy on OS X to 127.0.0.1:8080 to start capturing HTTP(S) traffic. 3.Must install certificate after running proxy: go to http://mitm.it on simulator.

37. Inspect request/response http://docs.mitmproxy.org/en/latest/mitmproxy.html

38. Other tools: bad networks • https://github.com/facebook/ augmented-traffic-control • http://nshipster.com/ network-link-conditioner/

39. Checklist Repeat this 5 times: the network is unreliable*. Reduce

    the number of TCP connections. Don't implement your own caching scheme: use the protocol features. Test and measure network traffic regularly. *https://en.wikipedia.org/wiki/Fallacies_of_distributed_computing

40. Last thought The person who uses your app doesn't care

    about network stuff. They just want it to be fast.

41. Thanks. @smithclay · New Relic UIKonf · 23 May 2016

    · Berlin Slides will posted on Twitter.