Presentation is loading. Please wait.

Presentation is loading. Please wait.

HTTP/2 and ATS ATS Fall Summit 2015 Bryan Call. Why HTTP/2? Reduce latency and TCP connection overhead Easier to write well-performing sites (no domain.

Published byAntony Preston Modified over 9 years ago

Similar presentations

Presentation on theme: "HTTP/2 and ATS ATS Fall Summit 2015 Bryan Call. Why HTTP/2? Reduce latency and TCP connection overhead Easier to write well-performing sites (no domain."— Presentation transcript:

1 HTTP/2 and ATS ATS Fall Summit 2015 Bryan Call

2 Why HTTP/2? Reduce latency and TCP connection overhead Easier to write well-performing sites (no domain sharing, sprites, inlining, etc.) SPDY will be removed from browsers early 2016 Contractual obligation with Mozilla to support HTTP/2 (Q4 2015) for Yahoo

3 HTTP/2 Enhancements ● Multiplexed streams ● Sharing connection across domains ● Header compression ● Stream prioritization ● Flow Control ● Server­initiated streams ● TLS - no renegotiation and no compression, must/may support TLS 1.2, SNI, PFS, ALPN

4 Multiplexed Streams ● HTTP/1.1 o 4-8 outstanding requests on 4-8 connections o Resource intensive on the server ● HTTP/2 o One connection, 100 or more outstanding requests

5 Connection Sharing Multiple domains over one TCP connection – Domain in cert and resolve to same IP

6 HTTP/2 History Foundation is from SPDY – Draft 1 – November 2009 IETF - 18 drafts and ~2.5 years – Draft 00 - November 2012 – RFC 7540 - May 2015

7 HTTP/2 in ATS 5.3.0 – experimental release – May, 2015 – 14 Jira Tickets 6.0.0 – stable release – September, 2015 – 45 Jira Tickets 6.0.1 – more stable release – November, 2015 – 7 Jira Tickets

8 ATS in Production Testing started April, 2015 Full deployment in September, 2015 – All major proxy services (YCS, YCPI, YCS-CT) Yahoo US – Only major deployment of HTTP/2

9 Interesting Bugs TS-3869 - HTTP/2 Stream uses the clients window size for the servers setting – Chrome set window to 10MB – ATS set window to 1MB – ATS set 10MB as its window size – ATS doesn’t give credit to the client until window is almost used TS-3747 - Error in Huffman decoder for HPACK – if (current->ascii_code) { }

10 ATS in Production

11 HTTP/2, NPN, ALPN, and Android NPNALPN OpenSSL 1.0.1 OpenSSL 1.0.2 ATS OkHttp Chromium

12 HTTP/2, NPN, ALPN, and Android NPN – Client selects protocol ALPN – Server selects protocol HTTP/2 uses ALPN – Most clients will use NPN OpenSSL 1.0.1 (RHEL 6/7) – Doesn’t support ALPN, does support NPN Android OkHttp – Doesn’t support NPN, does support ALPN

13 Performance HTTP/2 – 11% reduction in page load times for Frontpage (SPDY) measured by client navigation timing – >4x requests per connection vs HTTP/1.1 for static and dynamic content

14 Using HTTP/2 Enabling HTTP/2 $ sudo traffic_ctl config set proxy.config.http2.enabled 1 set proxy.config.http2.enabled, restart required $ sudo trafficserver restart

15 Using HTTP/2 Configuring HTTP/2 $ traffic_ctl config match http2 proxy.config.http2.enabled: 1 proxy.config.http2.max_concurrent_streams_in: 100 proxy.config.http2.initial_window_size_in: 1048576 proxy.config.http2.max_frame_size: 16384 proxy.config.http2.header_table_size: 4096 proxy.config.http2.max_header_list_size: 4294967295 proxy.config.http2.accept_no_activity_timeout: 120 proxy.config.http2.no_activity_timeout_in: 115

16 Using HTTP/2 Getting Statistics $ traffic_ctl metric match http2 proxy.process.http2.current_client_sessions 15518 proxy.process.http2.current_client_streams 112 proxy.process.http2.total_client_streams 19163488 proxy.process.http2.total_transactions_time 41532771809941 proxy.process.http2.total_client_connections 1646635 proxy.process.http2.connection_errors 41 proxy.process.http2.stream_errors 4842

17 Command Line - nghttp Command line client $ nghttp -v -n -H ':authority: s.yimg.com' https://216.115.100.102/uy/build/images/icons-1x-s2fb29ad15b.png [ 0.042] Connected [ 0.096][NPN] server offers: * h2 * h2-14 * spdy/3.1 * spdy/3 * http/1.1 * http/1.0 The negotiated protocol: h2... [ 0.197] recv (stream_id=13, sensitive) :status: 200

18 Chrome chrome://net-internals/#http2

19 Chrome Clicking on the ID

20

21 Extra Slides

22 Header Compression 379 bytes GET /rz/l/yahoo_en-US_f_p_142x37.png HTTP/1.1 Host: s.yimg.com Connection: keep-alive Cache-Control: max-age=0 Accept: image/webp,*/*;q=0.8 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36 DNT: 1 Referer: https://www.yahoo.com/ Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 GET /rz/l/logo_static_large_purple.png HTTP/1.1 Host: s.yimg.com Connection: keep-alive Cache-Control: max-age=0 Accept: image/webp,*/*;q=0.8 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36 DNT: 1 Referer: https://www.yahoo.com/ Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 29 new bytes; 381 total

23 Frames ● Binary protocol vs text based ● Max Size o HTTP/2 - ~16KB (2^14 - 1) ● Frame types (10 types) o HEADERS o CONTINUATION o DATA o WINDOW_UPDATE o RST_STREAM o GOAWAY o PING o PRIORITY o SETTINGS o PUSH_PROMISE HTTP/2 Frame: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | R | Length (14) | Type (8) | Flags (8) | +-+-+-----------+---------------+-------------------------------+ |R| Stream Identifier (31) | +-+-------------------------------------------------------------+ | Frame Payload (0...) | +---------------------------------------------------------------+

24 Streams ● One stream per request ● Stream IDs o Server initiated are even o Client initiated are odd ● 2^31 unique IDs - they don’t wrap

25 Prioritization & Flow Control Ability to set a priority of a stream – Resources proportional to the priority – Dependency tree for streams Flow control – Connection and streams – Client and server – Credit based Default 64KB Updated by WINDOW_UPDATE frame

26 Push ● PUSH_PROMISE frame ● Should send push before referencing resource - race condition ● Depending on the use case can be faster or slower o Browser already has the resource cached ● Response must be cacheable ● Inherits headers from associated request

27 Potential Issues ● HTTP/2 ● Lowercase headers ● Splits the Cookie header, but proxies should concatenate on conversion to HTTP/1.1 ● Stateful authentication (e.g. NTLM) ● Head of line blocking at transport layer ● DOS attacks

28 Recommendations ● One domain - no sharding ● Don’t inline ● Don’t concatenate - no combo handler ● Use server hints ● Set correct Cache-Control headers ● Use YCPI and YCS ● Move to ATS 5.3.0 before end of 2015

29 Client Support ● HTTP/2 o Chrome 41, Firefox 36, IE 12, Safari Fall, iOS9 o IE plans on supporting TLS and non-TLS o Wireshark support Server Support ● ATS o HTTP/2 support in ATS 5.3.0 release April 2015  No priority support  No push support

Download ppt "HTTP/2 and ATS ATS Fall Summit 2015 Bryan Call. Why HTTP/2? Reduce latency and TCP connection overhead Easier to write well-performing sites (no domain."

Similar presentations

Traffic Infrastructure ©2013 LinkedIn Corporation. All Rights Reserved. HTTP/2 and a faster Web What it is, what it does and what does it mean.

Traffic Infrastructure ©2013 LinkedIn Corporation. All Rights Reserved. HTTP/2 and a faster Web What it is, what it does and what does it mean.
CCNA – Network Fundamentals

CCNA – Network Fundamentals
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
ITA, 2.11.2011, 8-TLS.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 8 Transport.

ITA, , 8-TLS.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 8 Transport.
SPDY - Clean Slate HTTP About SPDY o What is SPDY o Goals o Features About HTTP o Simple HTTP o Pipelining for cuncurrency o Pipelining doesn’t help SPDY.

SPDY - Clean Slate HTTP About SPDY o What is SPDY o Goals o Features About HTTP o Simple HTTP o Pipelining for cuncurrency o Pipelining doesn’t help SPDY.
Cross Site Request Forgery CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University

Cross Site Request Forgery CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University
By Jory Cohen Made for CISC856, Spring 2010 Thanks to Dr. Amer, Mike Belshe(Google), Jon Leighton.

By Jory Cohen Made for CISC856, Spring 2010 Thanks to Dr. Amer, Mike Belshe(Google), Jon Leighton.
Dynamic Adaptive Streaming over HTTP2.0. What’s in store ▪ All about – MPEG DASH, pipelining, persistent connections and caching ▪ Google SPDY - Past,

Dynamic Adaptive Streaming over HTTP2.0. What’s in store ▪ All about – MPEG DASH, pipelining, persistent connections and caching ▪ Google SPDY - Past,
1 HTTP and some other odds and ends Nelson Padua-Perez Bill Pugh Department of Computer Science University of Maryland, College Park.

1 HTTP and some other odds and ends Nelson Padua-Perez Bill Pugh Department of Computer Science University of Maryland, College Park.
Chapter 9 Application Layer, HTTP Professor Rick Han University of Colorado at Boulder

Chapter 9 Application Layer, HTTP Professor Rick Han University of Colorado at Boulder
How the web works: HTTP and CGI explained

How the web works: HTTP and CGI explained
HTTP and Web Content Delivery COS 461: Computer Networks Spring 2011 Mike Freedman

HTTP and Web Content Delivery COS 461: Computer Networks Spring 2011 Mike Freedman
Performance Comparison of Congested HTTP/2 Links Brian Card, CS 577 12/7/2014 1.

Performance Comparison of Congested HTTP/2 Links Brian Card, CS /7/
Application Layer  We will learn about protocols by examining popular application-level protocols  HTTP  FTP  SMTP / POP3 / IMAP  Focus on client-server.

Application Layer  We will learn about protocols by examining popular application-level protocols  HTTP  FTP  SMTP / POP3 / IMAP  Focus on client-server.
2/9/2004 Web and HTTP February 9, 2004. 2/9/2004 Assignments Due – Reading and Warmup Work on Message of the Day.

2/9/2004 Web and HTTP February 9, /9/2004 Assignments Due – Reading and Warmup Work on Message of the Day.
Client, Server, HTTP, IP Address, Domain Name. Client-Server Model Client Bob Yahoo Server yahoo.com/finance.html A text file named finance.html.

Client, Server, HTTP, IP Address, Domain Name. Client-Server Model Client Bob Yahoo Server yahoo.com/finance.html A text file named finance.html.
Application Layer. Domain Name System Domain Name System (DNS) Problem – Want to go to www.google.com, but don’t know the IP addresswww.google.com Solution.

Application Layer. Domain Name System Domain Name System (DNS) Problem – Want to go to but don’t know the IP addresswww.google.com Solution.
Lecture 4: stateful inspection, advanced protocols Roei Ben-Harush 2015.

Lecture 4: stateful inspection, advanced protocols Roei Ben-Harush 2015.
Rensselaer Polytechnic Institute CSC-432 – Operating Systems David Goldschmidt, Ph.D.

Rensselaer Polytechnic Institute CSC-432 – Operating Systems David Goldschmidt, Ph.D.
MEC 2014 4/19/2017 7:51 PM © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.

MEC /19/2017 7:51 PM © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.

Similar presentations

Ads by Google