Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/

SPRINGONE2GX WASHINGTON, DC
HTTP/2 for the web developer
By Brian Clozel @brianclozel

Hello!
@brianclozel
Spring Framework committer
Sagan lead developer

Too Long; Didn’t Attend
1. HTTP/2 is about solving latency issues, but also introduces features with new possibilities
2. It retains the semantics of HTTP 1.1, but dev + ops need to evolve
3. Server Push & Stream prioritization are more complex than one might think
4. Support is on its way, adoption rate is great, but still questions on deployment options & implementations

What’s wrong with HTTP 1.1?

HTTP 1.1 is here to stay
RFC 2616 is now obsolete
RFC 7230-7235

HTTP 1.1 issues
• Sending redundant info in HTTP headers
• Privacy
• UPGRADE to other protocols

HTTP 1.1 issues - Head of line blocking
[Sequence diagram, Client / Server: Request #1, Response #1, Request #2, Response #2]

Head of line blocking
More TCP connections/domain? Domain sharding?

Improving page load time
Bandwidth vs. Latency

Problems with HTTP 1.1 workarounds

Domain sharding
• No magical number
• Cost of DNS queries
• TCP slow start

Concatenation
• cache efficiency/invalidation
• client performance
• client build more complex

Protocol basics 1/6
A single TCP connection

Protocol basics 2/6
Multiple Streams

Protocol basics 3/6
Binary Framing

Streams
[Sequence diagram, Client / Server, interleaved frames:]
Stream: 3 HEADERS
Stream: 5 HEADERS
Stream: 5 DATA
Stream: 3 HEADERS
Stream: 3 DATA
Stream: 5 HEADERS
Stream: 3 DATA

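The binary framing and stream multiplexing from the slides above, as an added example that is not part of the original deck: a parser for the 9-octet HTTP/2 frame header (RFC 7540, section 4.1) that rejects truncated or oversized frames and regroups the interleaved frames by stream. The sample bytes are constructed to match the Streams slide; the payloads are dummies, not real HPACK blocks.

```python
import struct
from collections import defaultdict

# Frame type names indexed by their type code (RFC 7540, section 6).
FRAME_TYPES = ["DATA", "HEADERS", "PRIORITY", "RST_STREAM", "SETTINGS",
               "PUSH_PROMISE", "PING", "GOAWAY", "WINDOW_UPDATE", "CONTINUATION"]
MAX_FRAME_SIZE = 16384  # initial value of SETTINGS_MAX_FRAME_SIZE


class FrameError(ValueError):
    """Raised when the byte stream is not a sequence of well-formed frames."""


def build_frame(ftype, flags, stream_id, payload=b""):
    """Serialize one frame: 24-bit length, type, flags, reserved bit + 31-bit stream id."""
    header = struct.pack(">I", len(payload))[1:] + bytes([ftype, flags])
    return header + struct.pack(">I", stream_id & 0x7FFFFFFF) + payload


def parse_frames(buf, max_frame_size=MAX_FRAME_SIZE):
    """Yield (type_name, flags, stream_id, payload) for each frame in buf."""
    offset = 0
    while offset < len(buf):
        if len(buf) - offset < 9:
            raise FrameError("truncated frame header")
        length = int.from_bytes(buf[offset:offset + 3], "big")
        ftype, flags = buf[offset + 3], buf[offset + 4]
        # The top bit of the stream id is reserved and must be ignored on receipt.
        stream_id = int.from_bytes(buf[offset + 5:offset + 9], "big") & 0x7FFFFFFF
        if length > max_frame_size:
            raise FrameError("FRAME_SIZE_ERROR: %d > %d" % (length, max_frame_size))
        end = offset + 9 + length
        if end > len(buf):
            raise FrameError("truncated frame payload")
        name = FRAME_TYPES[ftype] if ftype < len(FRAME_TYPES) else "UNKNOWN"
        yield name, flags, stream_id, buf[offset + 9:end]
        offset = end


def demultiplex(buf):
    """Group frame types by stream id, keeping wire order within each stream."""
    streams = defaultdict(list)
    for name, _flags, stream_id, _payload in parse_frames(buf):
        streams[stream_id].append(name)
    return dict(streams)


# Constructed sample: the interleaving shown on the Streams slide.
SAMPLE = b"".join([
    build_frame(0x1, 0x4, 3, b"hdr"), build_frame(0x1, 0x4, 5, b"hdr"),
    build_frame(0x0, 0x0, 5, b"body-5"), build_frame(0x1, 0x4, 3, b"hdr"),
    build_frame(0x0, 0x0, 3, b"body-3a"), build_frame(0x1, 0x4, 5, b"hdr"),
    build_frame(0x0, 0x1, 3, b"body-3b"),
])
```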

Protocol basics 4/6
Flow Control

Protocol basics 5/6
HPACK (header compression)

Header table
id    name     value
12    :path    /index.html

Static + dynamic tables
[Diagram: Client / Server]

Protocol basics 6/6
TLS (not) required

HTTP/2 with Spring Boot + Jetty

With Undertow!
Source: https://github.com/making/demo-http2

SSL Keylog file in Wireshark

HTTP/2 support & adoption

Server implementations (native)
• Apache Traffic Server
• Nginx (alpha patch)
• Apache httpd (mod_h2)
• h2o
• nghttp2.org

On the JVM
• Undertow
• Jetty
• Netty
• OkHttp
• Tomcat 9 (WIP)

Application Layer Protocol Negotiation
• protocol negotiation in TLS handshake
• formerly NPN
• vs. protocol Upgrade in HTTP 1.1
• your SSL/TLS implementation must support it

ALPN and JDK support
• JDK6 only supports TLSv1
• JDK7 supports TLSv1.2
• JDK8 supports TLSv1.2 (default)
• JDK9 will support ALPN
• Note: JSSE ciphers support…
Source: https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https

ALPN support with JDK7 and JDK8
• using jetty-alpn.jar
• overrides sun.security.ssl.{ClientHandshaker,ServerHandshaker}
• java -Xbootclasspath/p:<path_to_alpn_boot_jar> …
• jar version compatibility check with JDK version
Source: https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https

JDK9 improvements
• ALPN support (work in progress)
• cipher updates
• HTTP/2 Client
• replace HttpURLConnection
• async notifications on headers, body, server push…
• CompletableFuture and lambdas
JEP 110: https://bugs.openjdk.java.net/browse/JDK-8042950

Servlet 4.0
• Servlet 3.1 shipped with async IO
• Supporting HTTP/2 additional capabilities (stream prioritization & server push APIs)
• Considering Reactive Streams support and java.util.concurrent.Flow
Source: https://java.net/projects/servlet-spec/lists/jsr369-experts/archive/2015-08/message/1

HTTP/2 Flow Control
[Sequence diagram, Client / Server:]
Stream: 5 HEADERS
Stream: 5 DATA
Stream: 5 DATA
Stream: 5 WINDOW_UPDATE xx octets

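The window accounting behind the flow-control slide, as an added example that is not part of the original deck: a sender-side model following RFC 7540, section 6.9, showing that DATA is gated by both the stream window and the connection window, and which WINDOW_UPDATE frames must be rejected. The class and function names are hypothetical, and the 100000-octet body and 40000-octet increments are constructed values.

```python
INITIAL_WINDOW = 65535    # default window for the connection and for each new stream
MAX_WINDOW = 2**31 - 1    # a flow-control window may never exceed this value


class H2Error(Exception):
    def __init__(self, code, detail):
        super().__init__("%s: %s" % (code, detail))
        self.code = code


class SendWindows:
    """Sender-side view: how many DATA octets the peer currently allows us to send."""

    def __init__(self):
        self.connection = INITIAL_WINDOW
        self.streams = {}

    def sendable(self, stream_id, want):
        """DATA is limited by BOTH the stream window and the connection window."""
        stream = self.streams.setdefault(stream_id, INITIAL_WINDOW)
        return max(0, min(want, stream, self.connection))

    def send_data(self, stream_id, want):
        """Consume window for DATA; returns the octets actually sent (0 means blocked)."""
        sent = self.sendable(stream_id, want)
        self.streams[stream_id] -= sent
        self.connection -= sent
        return sent

    def on_window_update(self, stream_id, increment):
        """Apply a WINDOW_UPDATE from the peer; stream 0 addresses the whole connection."""
        if increment == 0:
            raise H2Error("PROTOCOL_ERROR", "WINDOW_UPDATE with a zero increment")
        if stream_id == 0:
            current = self.connection
        else:
            current = self.streams.setdefault(stream_id, INITIAL_WINDOW)
        if current + increment > MAX_WINDOW:
            raise H2Error("FLOW_CONTROL_ERROR", "window would exceed 2^31-1")
        if stream_id == 0:
            self.connection += increment
        else:
            self.streams[stream_id] += increment


def replay_slide(body_size=100000):
    """Constructed run: stream 5 sends a body larger than the initial window."""
    windows, trace = SendWindows(), []
    trace.append(windows.send_data(5, body_size))             # fills both windows
    windows.on_window_update(5, 40000)                        # stream window reopened only
    trace.append(windows.send_data(5, body_size - trace[0]))  # still blocked by the connection
    windows.on_window_update(0, 40000)                        # connection window reopened
    trace.append(windows.send_data(5, body_size - trace[0]))  # remainder goes out
    return trace
```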

Differentiating features
• IO & programming model
• Optional features in HTTP/2
• Server Push
• Stream prioritization
• Proxy capacities

HTTP/2 browser support
Source: caniuse.com

HTTP/2 browser support (market share)
Source: caniuse.com

Pre-flight HTTP/2 checklist (6 steps)

Step 1: Improve TCP support on servers
• Upgrade Linux kernels to 3.2+
• Set Initial Congestion Window to 10 segments
• TCP Fast Open support
• Proportional Rate Reduction

Step 2: Enforce HTTP 1.1 best practices
• Cache-Control and ETag headers
• gzip/deflate
• image compression / media queries
• get ready to remove HTTP 1.1 workarounds

Step 4: Secure your application with TLS
• New requirements for certificates: SHA256 RSA, 2048 bits
• TLS v1.2 (limited list of ciphers)
• h2c won’t really help here
• letsencrypt.org

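A check for the "TLS v1.2 (limited list of ciphers)" item in Step 4, as an added example that is not part of the original deck: RFC 7540 requires TLS 1.2 or later (section 9.2) and black-lists TLS 1.2 suites without an ephemeral key exchange or an AEAD cipher (section 9.2.2 and Appendix A), which a client may reject with INADEQUATE_SECURITY. The audit works on IANA/JSSE suite names; the function names and both sample configurations are constructed for illustration.

```python
import re

# Usable for HTTP/2 over TLS 1.2: DHE or ECDHE key exchange plus an AEAD cipher.
EPHEMERAL_KX = re.compile(r"^(TLS|SSL)_(ECDHE|DHE)_")
AEAD = re.compile(r"_(GCM_SHA\d+|CCM|CCM_8|CHACHA20_POLY1305_SHA256)$")
# TLS 1.3 suite names carry no key exchange; all of them are ephemeral + AEAD.
TLS13_SUITES = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
                "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_CCM_SHA256",
                "TLS_AES_128_CCM_8_SHA256"}
OK_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}


def h2_problem(suite):
    """Return None if HTTP/2 may use the suite, else the reason it is black-listed."""
    if suite.endswith("_SCSV") or suite in TLS13_SUITES:
        return None  # signalling value (not a cipher) or a TLS 1.3 suite
    if not EPHEMERAL_KX.match(suite):
        return "no ephemeral key exchange"
    if not AEAD.search(suite):
        return "not an AEAD cipher"
    return None


def audit(protocols, suites):
    """List (item, reason) pairs to review before enabling h2 on this endpoint."""
    findings = [(p, "older than TLS 1.2") for p in protocols if p not in OK_PROTOCOLS]
    findings += [(s, h2_problem(s)) for s in suites if h2_problem(s)]
    if not any(h2_problem(s) is None and not s.endswith("_SCSV") for s in suites):
        findings.append(("*", "no suite left that HTTP/2 clients will accept"))
    return findings


# Constructed configurations (not taken from the slides).
WEAK = {
    "protocols": ["TLSv1", "TLSv1.2"],
    "suites": ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
               "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
               "TLS_RSA_WITH_AES_128_GCM_SHA256",
               "SSL_RSA_WITH_RC4_128_SHA",
               "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"],
}
HARDENED = {
    "protocols": ["TLSv1.2"],
    "suites": ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
               "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"],
}
```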

Step 5: Undo HTTP 1.1 workarounds?
• Most of those are harmful when applied to HTTP/2
• What about supporting both HTTP 1.1 & HTTP/2

Step 6: Update your development toolset
• Web developer tools, Wireshark, NSSKeyLog
• Test your app with latency!

Push_Promise
[Sequence diagram, Client / Server:]
Stream: 5 HEADERS GET /resource
Stream: 5 PUSH_PROMISE Promised Stream: 8 GET /other
Stream: 8 DATA
Stream: 5 HEADERS
Stream: 8 HEADERS

HTTP/2 Server Push

    // Latency solved! Off to the pub!
    @HttpPush({"/*.css", "/*.js"})
    public void myControllerHandler() {
        // Some code here
    }

Push Promise: order of frames
« The server SHOULD send PUSH_PROMISE (Section 6.6) frames prior to sending any frames that reference the promised responses. This avoids a race where clients issue requests prior to receiving any PUSH_PROMISE frames. »
Source: https://httpwg.github.io/specs/rfc7540.html#rfc.section.8.2.1.p.1

Push_Promise: order of frames
[Sequence diagram, Client / Server:]
Stream: 5 HEADERS GET /index
Stream: 5 PUSH_PROMISE Promised Stream: 8 GET /main.css
Stream: 5 DATA
Stream: 5 HEADERS
Stream: 11 HEADERS GET /main.css
Duplicate!?!

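The race described in the RFC quote above, as an added example that is not part of the original deck: a check over a server's outbound frame order that flags PUSH_PROMISE frames sent after the content referencing them, plus a small client model showing the duplicate request that results. The frame dictionaries and their "references" field (the URLs an HTML DATA frame mentions) are a modelling assumption, and both traces are constructed.

```python
def late_promises(frames):
    """Server-side check: PUSH_PROMISE frames sent after a frame that references them.

    Returns (path, promised_stream, index_of_first_reference) for each late promise.
    """
    first_ref, late = {}, []
    for index, frame in enumerate(frames):
        if frame["type"] == "PUSH_PROMISE" and frame["path"] in first_ref:
            late.append((frame["path"], frame["promised"], first_ref[frame["path"]]))
        for path in frame.get("references", ()):
            first_ref.setdefault(path, index)
    return late


def client_requests(frames, next_stream_id=11):
    """Client-side view: requests a browser issues itself while reading frames in order."""
    promised, requested = set(), []
    for frame in frames:
        if frame["type"] == "PUSH_PROMISE":
            promised.add(frame["path"])
        for path in frame.get("references", ()):
            if path not in promised and all(path != p for _, p in requested):
                requested.append((next_stream_id, path))
                next_stream_id += 2  # client-initiated streams use odd ids
    return requested


def duplicates(frames):
    """Paths transferred twice: requested by the client and also pushed by the server."""
    pushed = {f["path"] for f in frames if f["type"] == "PUSH_PROMISE"}
    return [path for _, path in client_requests(frames) if path in pushed]


# Constructed frames modelled on the slide: /index on stream 5, /main.css pushed on stream 8.
PROMISE = {"type": "PUSH_PROMISE", "stream": 5, "promised": 8, "path": "/main.css"}
HEADERS_5 = {"type": "HEADERS", "stream": 5}
HTML_DATA = {"type": "DATA", "stream": 5, "references": ["/main.css"]}
PUSHED = [{"type": "HEADERS", "stream": 8}, {"type": "DATA", "stream": 8}]

RECOMMENDED = [PROMISE, HEADERS_5, HTML_DATA] + PUSHED  # promise before the HTML body
RACY = [HEADERS_5, HTML_DATA, PROMISE] + PUSHED         # HTML body before the promise
```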

Server push; code example

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        // Pushing resources here
        chain.doFilter(req, resp);
        // Too late?
    }

Jetty PushCacheFilter
• Use the « Referer » HTTP header
• Maintain a Map of page -> List of resources
• Automatically pushing associated resources
• Limits?

Is pushing everything really efficient?
• Only when page loaded with empty cache?
• Resources already cached?
• All pushed resources necessary for initial render? Or app ready to be used?
• Maintain the list of resources to push manually?
• Aren’t we denying all browser heuristics?

So what do we need?
• Private browser info: cache state, CPU, battery
• Knowledge of Browser internals (layout, painting?)
• Could we have priority information for each resource?

Stream dependency / weight
Stream: 11 HEADERS Dependency: 8 Weight: 55 GET /other

Resource Dependency Tree (in theory)
[Tree diagram rooted at Stream 0, nodes: S1;W12, S2;W50, S3;W34, S4;W20, S5;W20]

Is this enough?
• Is there a way to manually set a priority on a resource?
• So HTTP/2 Server Push is the only mechanism to improve latency?
• This works only for our own resources, what about 3rd party resources like fonts, JavaScript libraries?

Server Push with Spring Boot + Jetty

Resource Hints: a W3C draft
Assisting User Agents in their decision process of fetching resources.
http://w3c.github.io/resource-hints/

Resource Hints, HTML markup

    <!DOCTYPE html>
    <html>
    <head>
      <!-- resolve DNS as early as possible -->
      <link rel="dns-prefetch" href="//example.org">
      <!-- dns-prefetch + TCP handshake -->
      <link rel="preconnect" href="//example.org" />
    </head>
    <body>
    </body>
    </html>

Resource Hints browser support

Comparing with HTML5 async/defer

    <!DOCTYPE html>
    <html>
    <head></head>
    <body>
      <!-- loading asynchronously, executing as soon as possible -->
      <script src="/app.js" async></script>
      <!-- loading & executing after page load -->
      <script src="/other.js" defer></script>
    </body>
    </html>

Performance: combining strategies is the key
We need to consider:
• Server implementation
• Browser capabilities
• HTTP/2 features
• front-end « optimization »
• Hosting Infrastructure

Clever Proxies
[Diagram: Client, Server, Proxy]
1) HTML + Resource Hint
2) Resource fetch
2) HTML + Server push

Packaging your app with ALPN
• Snowflakes in production?
• Repeatable staging
• Runtime support with Cloud Foundry buildpacks?

Distributing secrets…
Making certs+keys available in a distributed environment:
• Spring Cloud Config server?
• Tools for managing secrets (Vault?)

Apple Push Notification Service
[Diagram: Provider, APNS, Feedback APNS; HTTP 1.1 polling for feedback]

HTTP/2 chosen for next version of APNS
[Diagram: Provider, APNS; HTTP/2]

HAL + Server Push

    {
      ...
      "_links": {
        "self": { "href": "/issue/123456" },
        "assigned": { "href": "/user/bclozel" }
      }
    }

Push this resource?

https://github.com/bclozel/http2-experiments

Enjoy SpringOne2GX!
Don’t miss « Introduction to Reactive Programming » - 10:30AM, this room
Learn More. Stay Connected.
@springcentral
Spring.io/video

Safe Harbor Statement
The following is intended to outline the general direction of Pivotal's offerings. It is intended for information purposes only and may not be incorporated into any contract. Any information regarding pre-release of Pivotal offerings, future updates or other planned modifications is subject to ongoing evaluation by Pivotal and is subject to change. This information is provided without warranty of any kind, express or implied, and is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions regarding Pivotal's offerings. These purchasing decisions should only be based on features currently available. The development, release, and timing of any features or functionality described for Pivotal's offerings in this presentation remain at the sole discretion of Pivotal. Pivotal has no obligation to update forward looking information in this presentation.