A QUIC History of HTTP
| Bri Hatch | Personal | Work |
|---|---|---|
|
Onsight, Inc bri@ifokr.org |
ExtraHop Networks bri@extrahop.com |
Copyright 2019, Bri Hatch, Creative Commons BY-NC-SA License
Why we're here
In the beginning....
1989, Tim Berners-Lee at CERN "Mesh" proposal- HTML
- HTTP
- Client
- Server
Completed in 1990.
Servers outside CERN servers serving HTTP by 1991.
alt.hypertext announcement 1991-08-06
HTTP/0.9
$ telnet www.aoeu.com 80
GET /lfnw-2019-http.html
<html>
<head>
<title>Hello, World</title>
</head>
<body>
Hello, World!
</body>
</html>
$
HTTP/0.9 (cont)
$ telnet www.aoeu.com 80
GET /lfnw-2019-http.txt
<html>
<head>
<title>Hello...
</head>
<body>
Hello, World!
</body>
</html>
$
|
URL: http://www.aoeu.com/lfnw-2019-http.txt
Scheme: HTTP
HTTP Method: GET |
HTTP/0.9 (cont)
$ telnet www.aoeu.com 80
GET /lfnw-2019-http.txt
<html>
<head>
<title>Hello...
</head>
<body>
Hello, World!
</body>
</html>
$
|
HTTP Version: ???? Size of content: ???? Encoding of response: ???? Type of response content: ???? Success or failure: ???? |
HTTP/1.0
HTTP/1.0 Improvements:
- HTTP Versioning
- Non-HTML content
- Status codes
- Headers
- More methods
RFC-1945, in 1996.
State of dialup 1996
State of dialup 1996- 28.8k baud modems were fast
- 1 Meg in ~4.7 minutes
- interlaced gifs the norm
HTTP/1.0 (cont)
$ telnet www.aoeu.com 80
GET /lfnw-2019-http.html HTTP/1.0
User-Agent: NCSA Mosaic/1.0 (X11;SunOS 4.1.4 sun4m)
HTTP/1.0 200 OK
Server: NCSA/1.2
Date: Tue, 19 Apr 1994 09:43:00 GMT
Content-Type: text/html
Content-Length: 119
Last-Modified: Wed, 21 Jan 1994 19:51:30 GMT
<html>
<head>
<title>Hello World!
...
$
HTTP/1.0 Response Codes
Response codes!HTTP/1.0 Response Codes
Response codes!
200: OK |
400: Bad Request |
Bring me his Head(ers)!
Browsers and servers can now convey more than just content!- Content metadata
- Early caching capabilities
Request Headers (HTTP/1.0)
Request Headers (HTTP/1.0)
Accept
Accept-{Charset,Encoding,Language}
Authorization
Content-Language
From
If-Modified-Since
Referer
User-Agent
Response Headers (HTTP/1.0)
Response Headers (HTTP/1.0)
Allow Content-Encoding Content-Language Content-Length Content-Type Expires Last-Modified Link Location Retry-After Server WWW-Authenticate
HTTP/1.0 HEAD Method
HEAD Method
$ telnet www.aoeu.com 80 HEAD /really-big-image.gif HTTP/1.0 User-Agent: NCSA Mosaic/1.0 (X11;SunOS 4.1.4 sun4m) HTTP/1.0 200 OK Server: NCSA/1.2 Date: Tue, 19 Apr 1994 09:43:00 GMT Content-Type: image/gif Content-Length: 1769082 $
HTTP/1.0 POST Method
HTTP/1.0 POST Method
$ telnet www.aoeu.com 80
POST /cgi-bin/jj.cgi HTTP/1.0
User-Agent: NCSA Mosaic/1.0 (X11;SunOS 4.1.4 sun4m)
Content-Length: 72
Content-Type: application/x-www-form-urlencoded
pwd=foo&sub=Big+John+Gourmet+Sub....
HTTP/1.0 200 OK
<html>
<head>
<TITLE>Order Sent</TITLE>
...
What about state?
What about state?Cookies aren't part of the HTTP specifications!
# Before cookies (~1994/1996) GET /forum/cats/?cid=92b135196c47afaa8496a64ab64aa8b2 # After cookies GET /forums/cats/ Cookie: cid=92b135196c47afaa8496a64ab64aa8b2 Server: NCSA/1.2 Date: Tue, 19 Apr 1994 09:43:00 GMT Set-Cookie: cid=df83af441843aaf15b83ebec82fb2c5a
SSL
SSL - Secure Sockets Layer
Protocol developed at Netscape
SSLv2, Nov 1994
SSLv3, Nov 1995, RFC-6101 (eventually)
SSLeay 1995
OpenSSL fork, 1998
TLS 1.0 - 1999; TLS 1.1 - 2006; TLS 1.2 - 2008; TLS 1.3 - 2018
# Then $ (echo "GET /"; echo) | ssleay s_client -host www.aoeu.com -port 443 # Now $ printf "GET /\n\n" | openssl s_client -connect www.aoeu.com:443
OSI Model
Open Systems Interconnection Model
| Application Layer |
| Presentation Layer |
| Session Layer |
| Transport Layer |
| Network Layer |
| Data Link Layer |
| Physical Layer |
OSI Model (ideal)
Open Systems Interconnection Model (ideal)
| Application Layer | |
| Presentation Layer | |
| Session Layer | |
| Transport Layer | TCP, UDP (source, dest, ports, etc) |
| Network Layer | IP |
| Data Link Layer | Ethernet frames, Token Ring, etc |
| Physical Layer | Electrons+Copper, Photons+Fiber, RF, etc |
Internet Model (Accurate)
Internet Model (Accurate)
| Application Layer | Everything Else |
| Presentation Layer | |
| Session Layer | |
| Transport Layer | TCP, UDP (source, dest, ports, etc) |
| Network Layer | IP |
| Data Link Layer | Ethernet frames, Token Ring, etc |
| Physical Layer | Electrons+Copper, Photons+Fiber, RF, etc |
HTTP Reality
HTTP Reality| Content |
| TLS/SSL (hopefully) |
| TCP |
| IP |
| Ethernet |
| Physical Layer |
HTTP/1.1
Standarized in 1997, RFC-2068Improvements
- Improved cache control
- Range requests
- HTTP Proxy Support
- Content Negotiation
- Content Chunking
- Connection Reuse
- Pipelining
- Compression
Hostheader
Methods in HTTP/1.1
Methods in HTTP/1.1
GET
HEAD
POST
DELETE
PUT
PATCH
LINK
UNLINK
CONNECT
OPTIONS
TRACE
Methods in HTTP/1.1 (cont)
Methods in HTTP/1.1 (cont)
GET
HEAD
POST
DELETE
PUT
PATCH
REST - Representational State Transfer (2000) supplants SOAP
XMLHttpRequest enables AJAX (OWA 1999, Gmail 2004)
Connection Reuse (HTTP/1.1)
Connection Reuse (HTTP/1.1)GET /first/item HTTP/1.1 REQUEST HEADERS RESPONSE HEADERS RESPONSE CONTENT GET /second/item HTTP/1.1 REQUEST HEADERS RESPONSE HEADERS RESPONSE CONTENT GET /third/item HTTP/1.1 ...
- Avoided TCP session establishment overhead
- Browsers still had hard-coded limit of concurrent connections
Pipelining (HTTP/1.1)
Pipelining (HTTP/1.1)GET /first/item HTTP/1.1 FIRST REQUEST HEADERS GET /second/item HTTP/1.1 SECOND REQUEST HEADERS FIRST RESPONSE HEADERS FIRST RESPONSE CONTENT SECOND RESPONSE HEADERS SECOND RESPONSE CONTENT GET /third/item HTTP/1.1 THIRD REQUEST HEADERS ...
But may not be supported by server - would need to be retried.
Only safe on idempotent requests.
HTTP/2
HTTP/2
- Introduced 2015, RFC-7540, based on Google's SPDY (2009) experimental protocol
- Stream (response) multiplexing, non-ordered, via binary framing layer
- Stream prioritization
- Gratuitous responses (Promises)
- Header compression
- Improves "head of line blocking" problem
HTTP/2.0 Frames
HTTP/2.0 Frames9 Bytes in length
- Bytes 0-2: Frame Length
- Byte 3: Frame Type
- Byte 4: Flags
- Byte 5-7: Stream ID (plus a reserved bit)
- Remaining bytes: payload
Frame types include DATA, HEADERS, RST_STREAM, PUSH_PROMISE, GOAWAY
HTTP/2 Multiplexing
HTTP/2 Multiplexing
| Client | <- | Stream 1 data |
Stream 3 headers |
Stream 5 data |
Stream 2 headers |
Stream 3 data |
Stream 3 data |
Server |
|---|---|---|---|---|---|---|---|---|
| Stream 7 headers |
-----> |
HTTP/2 Compatibility
HTTP/2 CompatibilityBinary framing doesn't play well with <= HTTP/1.1 servers.
Solution: upgrade from HTTP/1.1, or use TLS
GET /index.html HTTP/1.1
Connection: Upgrade, HTTP2-Settings
Upgrade: h2c
NORMAL_HEADERS_HERE
HTTP2-Settings: <base64 headers settings blob>
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: h2c
...
HTTP/2 Results
HTTP/2 Results
- Head of line problem (mostly) eliminated
- Browsers use just one TCP socket
- Best we can do?
HTTP/3
HTTP/3
- Based on QUIC (Google 2012)
- Agreed to become HTTP/3 Nov 2018, but still in RFC draft
- Solves head of line problem
Solving HOL? (HTTP/3)
So how did they solve the HOL problem?
Solving HOL? (HTTP/3)
So how did they solve the HOL problem?
HTTP over UDP
HTTP over UDP
- Not stream-oriented - no guaranteed packet order
- Must re-implement retransmissions, congestion control, and other TCP features
- Existing protocols like SCTP, TCP Fast Open insufficient
QUIC vs HTTP/3
QUIC vs HTTP/3The Google QUIC protocol now called gQUIC
QUIC is the generic secure UDP transport.
HTTP/3 is HTTP over QUIC.
HTTP/3 Features
HTTP/3 Features- TLS required
- All advantages of HTTP/2 multiplexing, prioritization, etc
- Similar frame types (DATA, HEADERS, GOAWAY...)
- Fast handshake (0-RTT, 1-RTT)
- 62-bit stream ID supports IP roaming!
HTTP/3 Standard
HTTP/3 Standard
Latest draft: 2019-04-23
Draft expires: 2019-10-25
https://tools.ietf.org/html/draft-ietf-quic-http-20
Thanks!
Presentation: https://www.ifokr.org/bri/presentations/lfnw-2019-http/
| Personal | Work |
|---|---|
| Bri Hatch Onsight, Inc bri@ifokr.org |
Bri Hatch |
Copyright 2019, Bri Hatch, Creative Commons BY-NC-SA License