HTTP/2
The (not so) new Language of the Web
Software EngineerAll around nerdSystems Administrator for 7
years@aramonc in all the places
About Me
Slight History of HTTP 1.x● World Wide Web first proposed by Tim Berners-Lee & team in 1989● First documented in 1991 in HTTP 0.9
○ Request only GET○ Response only HTML
● Officially documented in RFC 1945 as HTTP 1.0 in 1996○ HTTP 1.1 was already in draft○ Documented common use cases from existing web browsers○ Not a standard
● HTTP 1.1 became official standard in 1997○ Defined in RFC 2068○ Additions & Disambiguations added in 1999 as RFC 2616○ Supported by most browsers and tools since early drafts○ Re-written into multiple proposed RFCs between 2007 & 2014
Then Came SPDY● Binary protocol worked on by Mike Belshe &
Roberto Peon at Google● Implemented on Chrome & GFE servers
between 2009 & 2014● Introduced to Mark Nottingham of the IETF
HTTPBIS working group in 2012● Became the basis of HTTP/2
Binary Protocol Features● Binary framing● Streams● Request & response multiplexing● Stream prioritization● Single connection per origin● Flow control● Server Push● Header Compression
The Final HTTP / 2 RFC(s)● Hypertext Transfer Protocol version 2 - RFC7540
○ Describes the new internals of the protocol○ Designed for low latency
● HPACK - Header Compression for HTTP/2 - RFC7541
● Published in May 2015
ImplementationsApache 2.4.17
F5 (upcoming release)
Jetty ~7.6.13
IIS Server 2016
Nginx 1.9.5
Akamai ~2015
cURL 7.38.0
WireShark 1.11
IE 11 (Windows 10 only)
Edge 2
Chrome 41
Firefox 36
Safari 9 (OSX 10.11+)
Opera 28
Current Browser Implementation
Binary Framing● Similar to TCP packets● Frames contain distinct
data (headers, payload, etc)
● Frames are indexed● Fixed length
Length
Flags
Identifier
Payload
Streams● Bidirectional flow of bytes within a connection● May carry one or more messages● Single TCP connection can carry several streams● Have identifiers● Can be prioritized
Streams
by Ilya Grigorik
Capable of Multiplexing● Frames in different streams can be interleaved● Solves Head-of-Line blocking
by Ilya Grigorik
Header Compression● Original SPDY compression was vulnerable● HPACK used in HTTP/2● HPACK uses 2 compression techniques
○ Huffman compression○ Client & Server must keep indexed list of
previously seen headers
Header Compression
by Ilya Grigorik
Server Push● Server knows content needed● Server sends a PUSH_PROMISE frame● Client can decide to accept frame or reset it● Currently still experimental
TLS Only● Not mandated by the standard● Chrome & Firefox stated they will not support
without TLS● Performance issues balanced in single
connection scenario● http://letsencrypt.org
Connection Upgrade● ALPN during TLS hand-shake
○ Recommended
● Connection & Upgrade headers
DoS Vectors● Single connection reduces many vectors● TCP is still point of failure● HPACK & required buffering can be memory
intensive● HPACK can be used to increase payload● Header frames cannot be interrupted
What does this Mean for you?● Increased performance
○ Conservative measure of 5% to 15% ● Decreased resource use● New tools for debugging & monitoring ● Happier customers● Time to switch
It’s for Everyone● Reduces battery use in mobile devices
● Reduces CPU use in the server level
● Overall fewer costs
Transition Plan● Know your application as it is● Which strategy is best for your customers● Optimizations you might need to change● Benchmark before & after every change● Deploy
Transition Plan
1. Internal / Backend APIs2. Public APIs3. CDNs4. Front end applications5. Load balancers & other proxies
Transition Strategies● Sit and wait
● Adopt HTTP/2 completely
● Hybrid approach
Optimize, Fine Tune● Applications currently compensate for
shortcomings in HTTP 1.1● Most optimizations still ok
○ Maybe different● Re-optimize assets to take advantage of new
features● No changes to use of CDNs
Detrimental Optimizations● Domain sharding
● Inline assets
● Image sprites
● Concatenated resources
Hybrid Approach● For front-end servers● HTTP/2 capable proxy● Proxy terminates TLS● Forwards requests to servers with appropriate
optimizations● More costly approach
Benchmarks, Benchmarks, Benchmarks● Load Impact comparison tool
○ http://http2.loadimpact.com/entry/● Plugin for JMeter● h2load● Test all optimizations
Resources● http://http2.github.io● High Performance Browser Networking -
http://bit.ly/1PWhBQ3● Google HTTP/2 podcasts - http://bit.ly/1QgUrUP● http://caniuse.com/#feat=http2● HTTP/2 is here, let’s optimize -
http://bit.ly/20KJq5I
Thank You!http://bit.ly/1nvOOLV
Top Related