HTTP/2

The (not so) new Language of the Web

Software EngineerAll around nerdSystems Administrator for 7

years@aramonc in all the places

About Me

Slight History of HTTP 1.x● World Wide Web first proposed by Tim Berners-Lee & team in 1989● First documented in 1991 in HTTP 0.9

○ Request only GET○ Response only HTML

● Officially documented in RFC 1945 as HTTP 1.0 in 1996○ HTTP 1.1 was already in draft○ Documented common use cases from existing web browsers○ Not a standard

● HTTP 1.1 became official standard in 1997○ Defined in RFC 2068○ Additions & Disambiguations added in 1999 as RFC 2616○ Supported by most browsers and tools since early drafts○ Re-written into multiple proposed RFCs between 2007 & 2014

Then Came SPDY● Binary protocol worked on by Mike Belshe &

Roberto Peon at Google● Implemented on Chrome & GFE servers

between 2009 & 2014● Introduced to Mark Nottingham of the IETF

HTTPBIS working group in 2012● Became the basis of HTTP/2

Binary Protocol Features● Binary framing● Streams● Request & response multiplexing● Stream prioritization● Single connection per origin● Flow control● Server Push● Header Compression

The Final HTTP / 2 RFC(s)● Hypertext Transfer Protocol version 2 - RFC7540

○ Describes the new internals of the protocol○ Designed for low latency

● HPACK - Header Compression for HTTP/2 - RFC7541

● Published in May 2015

ImplementationsApache 2.4.17

F5 (upcoming release)

Jetty ~7.6.13

IIS Server 2016

Nginx 1.9.5

Akamai ~2015

cURL 7.38.0

WireShark 1.11

IE 11 (Windows 10 only)

Edge 2

Chrome 41

Firefox 36

Safari 9 (OSX 10.11+)

Opera 28

Current Browser Implementation

Binary Framing● Similar to TCP packets● Frames contain distinct

data (headers, payload, etc)

● Frames are indexed● Fixed length

Length

Flags

Identifier

Payload

Streams● Bidirectional flow of bytes within a connection● May carry one or more messages● Single TCP connection can carry several streams● Have identifiers● Can be prioritized

Streams

by Ilya Grigorik

Capable of Multiplexing● Frames in different streams can be interleaved● Solves Head-of-Line blocking

by Ilya Grigorik

Header Compression● Original SPDY compression was vulnerable● HPACK used in HTTP/2● HPACK uses 2 compression techniques

○ Huffman compression○ Client & Server must keep indexed list of

previously seen headers

Header Compression

by Ilya Grigorik

Server Push● Server knows content needed● Server sends a PUSH_PROMISE frame● Client can decide to accept frame or reset it● Currently still experimental

TLS Only● Not mandated by the standard● Chrome & Firefox stated they will not support

without TLS● Performance issues balanced in single

connection scenario● http://letsencrypt.org

Connection Upgrade● ALPN during TLS hand-shake

○ Recommended

● Connection & Upgrade headers

DoS Vectors● Single connection reduces many vectors● TCP is still point of failure● HPACK & required buffering can be memory

intensive● HPACK can be used to increase payload● Header frames cannot be interrupted

What does this Mean for you?● Increased performance

○ Conservative measure of 5% to 15% ● Decreased resource use● New tools for debugging & monitoring ● Happier customers● Time to switch

It’s for Everyone● Reduces battery use in mobile devices

● Reduces CPU use in the server level

● Overall fewer costs

Transition Plan● Know your application as it is● Which strategy is best for your customers● Optimizations you might need to change● Benchmark before & after every change● Deploy

Transition Plan

1. Internal / Backend APIs2. Public APIs3. CDNs4. Front end applications5. Load balancers & other proxies

Transition Strategies● Sit and wait

● Adopt HTTP/2 completely

● Hybrid approach

Optimize, Fine Tune● Applications currently compensate for

shortcomings in HTTP 1.1● Most optimizations still ok

○ Maybe different● Re-optimize assets to take advantage of new

features● No changes to use of CDNs

Detrimental Optimizations● Domain sharding

● Inline assets

● Image sprites

● Concatenated resources

Hybrid Approach● For front-end servers● HTTP/2 capable proxy● Proxy terminates TLS● Forwards requests to servers with appropriate

optimizations● More costly approach

Benchmarks, Benchmarks, Benchmarks● Load Impact comparison tool

○ http://http2.loadimpact.com/entry/● Plugin for JMeter● h2load● Test all optimizations

Resources● http://http2.github.io● High Performance Browser Networking -

http://bit.ly/1PWhBQ3● Google HTTP/2 podcasts - http://bit.ly/1QgUrUP● http://caniuse.com/#feat=http2● HTTP/2 is here, let’s optimize -

http://bit.ly/20KJq5I

Thank You!http://bit.ly/1nvOOLV