
QUIC and HTTP/3: the next step in web performance


In recent years, the ways that we can deliver HTTP have improved in occasional leaps, from 1.0, 1.1, a big step to 2.0, and now 3.0. One of the biggest obstacles has been TCP, which isn't a great fit for HTTP, but we are stuck with it – or are we? QUIC is a reimagining of TCP that runs over "the other protocol", UDP, and integrates TLS 1.3, giving us a step up in performance and security. Discover how it works, how you can configure your servers and applications, and how to deploy and test it today.

This talk was given at the International PHP Conference in Berlin, May 29th, 2024.

Marcus Bointon

May 29, 2024


Transcript

  1. MARCUS BOINTON — @[email protected] — QUIC AND HTTP/3 IPC BERLIN 2024

     HOW DID WE GET HERE?
     ▸ HTTP/0.9: 1991, RFC
     ▸ HTTP/1.0: 1996, RFC1945
     ▸ HTTP/1.1: 1997, RFC2068, RFC2616
     ▸ HTTP/2: 2015, RFC7540
     ▸ HTTP/3: 2022, RFC9114
  2. WHAT DID HTTP/2 CHANGE?
     ▸ Binary protocol
     ▸ More compact, header compression
     ▸ Multiplexing
     ▸ Multiple resources in a single connection, with prioritisation
     ▸ Server push
     ▸ TLS only
  3. WHAT PROBLEMS DOES HTTP/2 HAVE?
     ▸ Head of line blocking
     ▸ Network switching
     ▸ Connection re-establishment latency
     ▸ Difficult to upgrade, TCP part of host OS networking stack
     ▸ Congestion control in TCP
  4. WHAT ARE QUIC AND HTTP/3?
     ▸ We can’t change TCP without replacing every device in the world
     ▸ Google designed QUIC as a workaround
     ▸ A reimagining of TCP implemented over UDP
     ▸ Combines TLS and HTTP/3 into a single protocol with reduced overhead
     ▸ Implemented in userland instead of OS
     ▸ You’re using it already
  5. MARCUS BOINTON — @[email protected] — QUIC AND HTTP/3 CONFOO 2024

     HEAD-OF-LINE BLOCKING
     [Diagram, image credit: http.dev. Requests 1–8 from a client to an HTTP/2 server over a single TCP connection across the Internet, compared with the same requests from a QUIC client to a QUIC server over a UDP connection.]
  6. NETWORK LAYERS
     [Diagram, reconstructed as a table]

                   HTTP/1.1      HTTP/2        HTTP/3
     Application:  HTTP/1.1      HTTP/2        HTTP/3
     Security:     TLS           TLS 1.2       TLS 1.3 (inside QUIC)
     Transport:    TCP           TCP           QUIC over UDP
     Network:      IPv4 & IPv6   IPv4 & IPv6   IPv4 & IPv6
  7. INITIAL CONNECTION
     [Diagram: client/server handshake sequences for TCP + TLS 1.2 + HTTP/2, TCP + TLS 1.3 + HTTP/2, and QUIC (TLS 1.3) + HTTP/3.]
  8. RESUMED CONNECTION
     [Diagram: client/server resumption sequences for TCP + TLS 1.3 + HTTP/2 and QUIC (TLS 1.3) + HTTP/3.]
  9. NETWORK SWITCHING
     ▸ With TCP, switching networks requires re-establishing connections
     ▸ IP & port as identifier
     ▸ Breaks session resumption each time
     ▸ QUIC uses a connection ID that moves between networks
     ▸ More likely for session resumption to happen
     ▸ Privacy? Cycles through a list of random IDs
  10. HTTP/3 COMPRESSION
      ▸ HTTP/2 uses HPACK
      ▸ Relies on packets arriving in order
      ▸ Can cause HOLB
      ▸ HTTP/3 uses QPACK
      ▸ Slightly lower compression ratios
      ▸ Avoids HOLB
  11. HTTP/3 IMPLEMENTATIONS
      ▸ Clients, servers, libraries
      ▸ Clients: Chrome, Edge, Firefox, Safari (iOS 15)
      ▸ Servers: Litespeed, Caddy, Nginx, HAProxy
      ▸ Not Apache!
      ▸ Libraries: h2o, nghttp3, libcurl, openssl 3.2.0
      ▸ Cloud services: CloudFlare
      ▸ All in userland, so not so subject to OS stagnation
  12. HOW TO DEPLOY HTTP/3?
      ▸ How does a client know a server supports HTTP/3?
      ▸ Server can tell clients what protocols it can use
      ▸ Alt-Svc header
      ▸ DNS SVCB record
  13. ALT-SVC HTTP HEADER
      ▸ RFC7838
      ▸ “Alternative service”
      ▸ Similar to HSTS for HTTPS
      ▸ Alt-Svc: h3=":443"; ma=3600, h2=":443"; ma=3600
  14. SVCB DNS RECORDS
      ▸ “Service binding” records, RFC9460
      ▸ Saves an HTTP request, at the cost of a DNS lookup
      ▸ example.com 3600 IN HTTPS 1 . alpn="h3,h2"
      ▸ example.com 3600 IN HTTPS 1 . alpn="h3,h2" ipv4hint="192.0.2.1" ipv6hint="2001:db8::1"
      ▸ example.com 3600 IN HTTPS 1 example.net alpn="h3,h2"
      ▸ example.com 3600 IN HTTPS 2 example.org alpn="h2"
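The two discovery mechanisms on slides 12 to 14 (the Alt-Svc response header from RFC 7838 and the DNS HTTPS/SVCB record from RFC 9460) are easiest to understand by parsing them. The following is an added example written for this transcript, not the speaker's code: the class and function names are this example's own, the sample header and records are the deck's own examples embedded as constructed input so it runs offline, and `choose_protocol` is an illustrative client policy rather than anything the RFCs prescribe.

```python
import ipaddress
import re
import shlex
from dataclasses import dataclass

ALT_SVC_DEFAULT_MA = 86400  # RFC 7838: "ma" defaults to 24 hours when absent

# Constructed samples, copied from the slides above.
SAMPLE_ALT_SVC = 'h3=":443"; ma=3600, h2=":443"; ma=3600'
SAMPLE_HTTPS_RECORDS = [
    'example.com 3600 IN HTTPS 1 . alpn="h3,h2"',
    'example.com 3600 IN HTTPS 1 . alpn="h3,h2" ipv4hint="192.0.2.1" ipv6hint="2001:db8::1"',
    'example.com 3600 IN HTTPS 1 example.net alpn="h3,h2"',
    'example.com 3600 IN HTTPS 2 example.org alpn="h2"',
]


@dataclass
class AltService:
    protocol: str      # ALPN id such as "h3" or "h2"
    host: str          # "" means the origin's own host
    port: int
    max_age: int       # seconds the client may keep using this advertisement
    learned_at: float  # when the header was seen (seconds)

    def usable(self, now):
        """Like an HSTS entry, an Alt-Svc entry expires after max_age."""
        return now < self.learned_at + self.max_age


def parse_alt_svc(value, now):
    """Parse an Alt-Svc header value, keeping the server's order.
    Malformed entries are skipped rather than guessed at."""
    if value.strip() == "clear":
        return []
    services = []
    for item in value.split(","):
        fields = [f.strip() for f in item.split(";") if f.strip()]
        if not fields:
            continue
        m = re.fullmatch(r'([^=\s]+)="([^"]*)"', fields[0])
        if m is None:
            continue
        host, sep, port = m.group(2).rpartition(":")  # rpartition keeps IPv6 literals intact
        if sep != ":" or not port.isdigit():
            continue
        params = {}
        for f in fields[1:]:
            key, _, val = f.partition("=")
            params[key.strip().lower()] = val.strip().strip('"')
        ma = params.get("ma", "")
        max_age = int(ma) if ma.isdigit() else ALT_SVC_DEFAULT_MA
        services.append(AltService(m.group(1), host, int(port), max_age, now))
    return services


@dataclass
class HttpsRecord:
    owner: str
    ttl: int
    priority: int      # 0 = AliasMode; otherwise ServiceMode, lower tried first
    target: str        # "." in the record means the owner name itself
    alpn: tuple = ()
    ipv4hint: tuple = ()
    ipv6hint: tuple = ()

    @property
    def alias_mode(self):
        return self.priority == 0


def parse_https_record(line):
    """Parse one HTTPS/SVCB record in zone-file presentation format."""
    tokens = shlex.split(line)  # strips the quotes around SvcParam values
    if len(tokens) < 6 or tokens[2].upper() != "IN" or tokens[3].upper() not in ("HTTPS", "SVCB"):
        raise ValueError("not an HTTPS/SVCB record: %r" % line)
    owner, target = tokens[0], tokens[5]
    rec = HttpsRecord(owner, int(tokens[1]), int(tokens[4]), owner if target == "." else target)
    for param in tokens[6:]:
        key, _, val = param.partition("=")
        key = key.lower()
        if key == "alpn":
            rec.alpn = tuple(v for v in val.split(",") if v)
        elif key == "ipv4hint":  # ipaddress rejects malformed hints instead of passing them on
            rec.ipv4hint = tuple(str(ipaddress.IPv4Address(v)) for v in val.split(","))
        elif key == "ipv6hint":
            rec.ipv6hint = tuple(str(ipaddress.IPv6Address(v)) for v in val.split(","))
        # other SvcParams (port, ech, mandatory, ...) are outside this illustration
    return rec


def choose_protocol(records, client_alpn=("h3", "h2")):
    """Illustrative client policy (an assumption, not from the slides or RFC):
    walk ServiceMode records in priority order and take the first protocol
    from the client's own preference list that the record also advertises."""
    for rec in sorted((r for r in records if not r.alias_mode), key=lambda r: r.priority):
        for proto in client_alpn:
            if proto in rec.alpn:
                return rec.target, proto
    return None


if __name__ == "__main__":
    for svc in parse_alt_svc(SAMPLE_ALT_SVC, now=0.0):
        print(svc)
    print(choose_protocol([parse_https_record(line) for line in SAMPLE_HTTPS_RECORDS]))
```

Both paths end in the same place, a target and an ALPN id to offer in the TLS handshake; the header costs one HTTP/2 round trip before the client learns about h3, which is the "browser will connect via HTTP/2 first" point made later in the deck, while the DNS record removes that round trip at the price of a lookup.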
  15. NGINX CONFIG EXAMPLE

      server {
          listen 443 ssl;
          listen [::]:443 ssl;
          listen 443 quic;
          listen [::]:443 quic;
          http2 on;
          add_header Alt-Svc 'h3=":443"; ma=86400';
          ...
      }
  16. UFW APPLICATION CONFIG

      [Nginx QUIC]
      title=Web Server (Nginx, HTTP + HTTPS + QUIC)
      description=Small, but very powerful and efficient web server
      ports=80,443/tcp|443/udp

      Enable with: ufw allow from any to any app "Nginx QUIC"
  17. SECURITY UPGRADE
      ▸ QUIC requires TLS 1.3
      ▸ Lower overhead
      ▸ No weak cipher suites, KX, or hashes
      ▸ Forward secrecy
      ▸ Downgrade detection
      ▸ More is encrypted
  18. OPTIMISING FOR HTTP/3
      ▸ The same as HTTP/2
      ▸ Only use a few domains
      ▸ Don’t worry about bundling
      ▸ Request count doesn’t really matter
      ▸ Use defer / preload / async
      ▸ Use lazy loading
  19. TESTING HTTP/3
      ▸ https://http3check.net/
      ▸ “HTTP Indicator” Chrome extension
      ▸ Dev tools will show “h3” as the protocol; right-click table header to enable
      ▸ Remember browser will connect via HTTP/2 first
  20. IS IT ACTUALLY FASTER?
      ▸ It depends
      ▸ It's difficult to measure
      ▸ Biggest payoff will be in situations where its features make a difference:
        ▸ Low bandwidth
        ▸ High congestion
        ▸ High latency
        ▸ Network switching
  21. HTTP/3 PROBLEMS
      ▸ Networks might block UDP
      ▸ Version discovery latency
      ▸ It’s new, so will have more bugs
      ▸ More is encrypted, makes it harder to diagnose network issues
      ▸ Not so corporate friendly
  22. THE FUTURE OF QUIC
      ▸ QUIC deliberately dynamic spec
      ▸ Version 2 (RFC9369) essentially unchanged
      ▸ Mainly to exercise ability to update
      ▸ Prevent "ossification", like MIME 1.0
      ▸ Pluggable congestion control
      ▸ Other protocols over QUIC – DNS, SSH
  23. FURTHER READING
      ▸ https://www.debugbear.com/blog/http3-quic-protocol-guide
      ▸ https://http.dev/3
      ▸ https://www.csoonline.com/article/569541/6-ways-http-3-benefits-security-and-7-serious-concerns.html
      ▸ Robin Marx at SmashingConf: https://vimeo.com/725331731
  24. THANK YOU
      ▸ @[email protected]
      ▸ @SynchroM
      ▸ Synchro on GitHub and Stack Overflow
      ▸ Open to job offers!