Fabian Lange

SPDY - http reloaded
(WILL BE) PART OF HTTP/2.0
HTTP Problems
•   Single request per connection. Because HTTP can only fetch one resource at a time (HTTP
    pipelining helps, but still enforces only a FIFO queue), a server delay of 500 ms prevents
    reuse of the TCP channel for additional requests. Browsers work around this problem by
    using multiple connections. Since 2008, most browsers have finally moved from 2
    connections per domain to 6.
•   Exclusively client-initiated requests. In HTTP, only the client can initiate a request. Even if
    the server knows the client needs a resource, it has no mechanism to inform the client and
    must instead wait to receive a request for the resource from the client.
•   Uncompressed request and response headers. Request headers today vary in size from
    ~200 bytes to over 2KB. As applications use more cookies and user agents expand
    features, typical header sizes of 700-800 bytes are common. For modems or ADSL
    connections, in which the uplink bandwidth is fairly low, this latency can be
    significant. Reducing the data in headers could directly improve the serialization latency to
    send requests.
•   Redundant headers. In addition, several headers are repeatedly sent across requests on the
    same channel. However, headers such as the User-Agent, Host, and Accept* are generally
    static and do not need to be resent.
•   Optional data compression. HTTP uses optional compression encodings for data. Content
    should always be sent in a compressed format.




                                           Source: http://dev.chromium.org/spdy/spdy-whitepaper
Web Requests Are Simple
•   Open a connection
•   Send a request
•   Receive a response
•   Done
Transfer per Page
How to Avoid Requests
• Caching
• Domain Sharding
  – Browser Limits
• Keep Alive
  – Dedicated Connections
  – Waste Resources
• Pipelining
TCP Handshake
0ms    1) Host A sends a TCP SYNchronize packet to Host B
25ms   2) Host B receives A's SYN
25ms   3) Host B sends a SYNchronize-ACKnowledgement
50ms   4) Host A receives B's SYN-ACK
75ms   5) Host A sends ACKnowledge and data
75ms   6) Host B receives ACK and data.




• With a "distance" of just 25ms, this takes
  us 75ms until data arrives at server
Initial Window
• Congestion Control Mechanism
• Avoid overloading clients
• Each ACK of the client increases
  window

• RFC 3390
  – Increasing icwnd
  – Small Responses are complete without ACK
  – Avoid the ACK RTT
Pushing over http
• Push === Long Polling
• Consumes one connection on clients
• On server
  – Used to be expensive to hold
  – Modern servers have evented I/O


• WebSockets
Headers
http://blog.codecentric.de/
Accept               text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding      gzip, deflate
Accept-Language      de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Connection           keep-alive
Cookie               __utma=40497137.1800912468.1315901303.1328525769.1328537171.234;
                     __utmz=40497137.1326462670.198.110.utmcsr=twitterfeed|utmccn=blogfee
                     d_de|utmcmd=twitter; wp-settings-
                     3=editor%3Dhtml%26m0%3Do%26m1%3Do%26m2%3Do%26m3%3Dc%2
                     6m4%3Do%26m5%3Do%26m6%3Do%26m7%3Do%26m8%3Do%26m9%3
                     Do%26m10%3Do%26m11%3Do%26align%3Dcenter%26imgsize%3Dfull%2
                     6urlbutton%3Dnone%26hidetb%3D0; wp-settings-time-3=1328519940;
                     __utma=162617902.1417890302.1315914276.1328537194.1328541774.63;
                     __utmz=162617902.1328537194.62.41.utmcsr=blog.codecentric.de|utmccn
                     =(referral)|utmcmd=referral|utmcct=/; wp-settings-time-81=1321966374
Host                 blog.codecentric.de
User-Agent           Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0) Gecko/20100101 Firefox/10.0
Headers
http://blog.codecentric.de/files/2012/02/adlite.png
Accept               image/png,image/*;q=0.8,*/*;q=0.5
Accept-Encoding      gzip, deflate
Accept-Language      de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Connection           keep-alive
Cookie               __utma=162617902.1417890302.1315914276.1328537194.1328541774.63;
                     __utmz=162617902.1328537194.62.41.utmcsr=blog.codecentric.de|utmccn=(referral)
                     |utmcmd=referral|utmcct=/; wp-settings-
                     3=m0%3Do%26m1%3Do%26m5%3Do%26m4%3Do%26editor%3Dhtml%26wplink%
                     3D1%26align%3Dcenter%26imgsize%3Dfull%26hidetb%3D1%26m7%3Do%26m9%
                     3Do; wp-settings-time-3=1326290899
Host                 blog.codecentric.de
Referer              http://blog.codecentric.de/
User-Agent           Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0) Gecko/20100101 Firefox/10.0
Content Compression
• Gzip is optional
• But generally best practice

LoadModule deflate_module /usr/lib/httpd/modules/mod_deflate.so
SPDY TO THE RESCUE
SPDY Solutions
• Allow many concurrent HTTP requests to run across a
  single TCP session.
• Reduce the bandwidth currently used by HTTP by
  compressing headers and eliminating unnecessary
  headers.
• Make SSL the underlying transport protocol, for better
  security and compatibility with existing network
  infrastructure. Although SSL does introduce a latency
  penalty, we believe that the long-term future of the web
  depends on a secure network connection. In addition, the
  use of SSL is necessary to ensure that communication
  across existing proxies is not broken.
• Enable the server to initiate communications with the
  client and push data to the client whenever possible.
                          Source: http://dev.chromium.org/spdy/spdy-whitepaper
Connection Multiplexing
• Single TCP Connection transports all
  requests
• TCP Handshake still exists
• Initial cwnd should be 16
Compression
• All data is compressed
• Includes headers
• Redundant data is removed
  – User Agent of second request is known to
    be same as on first
CRIME
• Compression Ratio Info-leak Made Easy
• Cookie value can be detected when
  compression is effective

Sources:
threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512
security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor/19914
Cookie: JSESSIONID=1234
      c: jid=1234
      d: kje=2345
Cookie: JSESSIONID=1234 Cookie: JSESSIONID=9876
      X[i] = c: jid=
      [i]1234 [i]9876
      Y[j] = d: kje=
      [j]2345 [j]0987
Cookie: JSESSIONID=1234 Cookie: JSESSIONID=1235
      X[i] = c: jid=123
      [i]4 [i]5
      Y[j] = d: kje=234
      [j]5 [j]6
Fixes
• Don't compress headers
• Use a compressor that is not affected
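
The length side channel from the CRIME slides, measured before and after the "Don't compress headers" fix, as an added example that is not part of the original deck. The host name, session ID and function names are constructed, and a single zlib.compress call stands in for SPDY's header compressor.

```python
import zlib

# Constructed sample values (not from the slides): a session cookie the client
# attaches to every request, and the static headers sent alongside it.
SESSION_ID = b"7f3a9c0de4b81256"
COOKIE_HEADER = b"Cookie: JSESSIONID=" + SESSION_ID
STATIC_HEADERS = [
    b"Host: blog.example.test",
    b"User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0) Gecko/20100101 Firefox/10.0",
    b"Accept-Encoding: gzip, deflate",
]


def header_lines(guess: bytes) -> list:
    """Request headers whose path carries a guess at the cookie value."""
    request_line = b"GET /?JSESSIONID=" + guess + b" HTTP/1.1"
    return [request_line, *STATIC_HEADERS, COOKIE_HEADER]


def size_compress_all(guess: bytes) -> int:
    """Weak setting: path and cookie share one compression context."""
    return len(zlib.compress(b"\r\n".join(header_lines(guess)), 9))


def size_no_compression(guess: bytes) -> int:
    """Slide fix "Don't compress headers": the bytes go out as they are."""
    return len(b"\r\n".join(header_lines(guess)))


def size_cookie_exempt(guess: bytes) -> int:
    """Variant of that fix: only the secret header bypasses the compressor."""
    public = [h for h in header_lines(guess) if not h.startswith(b"Cookie:")]
    # +2 accounts for the CRLF that separates the cookie line on the wire.
    return len(zlib.compress(b"\r\n".join(public), 9)) + len(COOKIE_HEADER) + 2


def leak_gap(size_fn) -> int:
    """Bytes saved on the wire when the guess equals the real cookie value.

    The wrong guess is the reversed value: same length and same characters,
    so any size difference comes from the match against the cookie alone.
    """
    wrong_guess = SESSION_ID[::-1]
    return size_fn(wrong_guess) - size_fn(SESSION_ID)


def report() -> dict:
    """Leak gap in bytes for each header-handling setting."""
    return {
        "compress_all": leak_gap(size_compress_all),
        "no_compression": leak_gap(size_no_compression),
        "cookie_exempt": leak_gap(size_cookie_exempt),
    }


if __name__ == "__main__":
    for setting, gap in report().items():
        print(f"{setting:15s} gap = {gap} bytes")
```

A positive gap means an observer who sees only ciphertext lengths can tell a matching guess from a non-matching one; encryption does not hide it because it preserves length.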
SSL
• Not said to be a problem with HTTP
• SSL should be default
  – But actually expensive
• SSL hides SPDY traffic, so that proxies
  don't break it
Pushing
• Long Lasting Connection By Design
• Send does not close the "request"
• Two flavors
  – Server push
  – Server hint
Compatibility
• SPDY is backwards compatible
• Uses Next Protocol Negotiation
  – tools.ietf.org/html/draft-agl-tls-nextprotoneg-02
Adoption
• Facebook implements and favors SPDY
 http://lists.w3.org/Archives/Public/ietf-http-wg/2012JulSep/0251.html

• Twitter implements and favors SPDY
 http://lists.w3.org/Archives/Public/ietf-http-wg/2012JulSep/0250.html

• Google implements and favors SPDY
 http://lists.w3.org/Archives/Public/ietf-http-wg/2012JulSep/0219.html

• Mozilla implements and favors SPDY
 http://lists.w3.org/Archives/Public/ietf-http-wg/2012JulSep/0156.html

• Wordpress.com uses SPDY
 https://twitter.com/wordpressdotcom/statuses/238741078172389377
Concerns
• Encryption by default renders network
  caching useless
SPDY Support
Clients
• Chrome
   – since 11
   – Ice Cream Sandwich
• Amazon Silk
   – Kindle Fire
• Firefox
   – Since 13
• Opera
   – Since 12.1
Server
• Apache mod_spdy
• erlang-spdy
• node-spdy
• Netty 3.3.1
   – Means JBoss
• Jetty 7.6.2
• Nginx 1.3
• Tomcat 8.0.0-dev
SPDY Drafts
• dev.chromium.org/spdy/spdy-protocol/spdy-protocol-draft1
   – First draft 2009
• dev.chromium.org/spdy/spdy-protocol/spdy-protocol-draft2
   – Changes to server push
• dev.chromium.org/spdy/spdy-protocol/spdy-protocol-draft3
   – Flow control
• Draft 4 will feature compression and QoS changes
DEMO: MIGRATING PHP ON
APACHE TO SUPPORT SPDY
PHP is not Threadsafe
• The way SPDY works is incompatible
  with non threadsafe implementations
  – one connection one httpd worker
  – But multiple requests
• Zend Threadsafe does not support
  some features (mysql!)
• Need to externalize it with cgi
mod_php to mod_fcgid + php
• yum install mod_fcgid
• vi /etc/httpd/conf/httpd.conf
<Directory "/var/www/html">
    Options Indexes FollowSymLinks ExecCGI
</Directory>




• mv /etc/httpd/conf.d/php.conf /etc/httpd/conf.d/php.conf.bak
• vi /etc/httpd/conf.d/fcgid.conf
DirectoryIndex index.php
AddHandler fcgid-script .fcgi .php

DefaultInitEnv PHPRC      "/etc/"
MaxRequestsPerProcess     1000
MaxProcessCount           10
MaxRequestLen             209715200
IPCCommTimeout            240
IdleTimeout               240
FCGIWrapper /usr/bin/php-cgi .php
mod_prefork to mod_worker
• Needs recompilation
• Luckily we have both already
  – httpd -V | grep MPM
  – httpd.worker -V | grep MPM

• sudo vi /etc/init.d/httpd
httpd=${HTTPD-/usr/sbin/httpd.worker}
prog=httpd.worker
mod_ssl
• We need mod_ssl patched with NPN
• yum install subversion curl gcc-c++ patch binutils make
• mkdir modssl; cd modssl
• svn export http://mod-spdy.googlecode.com/svn/trunk/src/build_modssl_with_npn.sh
• ./build_modssl_with_npn.sh
• cp /root/modssl/mod_ssl.so /etc/httpd/modules/mod_ssl.so
[root@centos57 modssl]# ./build_modssl_with_npn.sh
Using buildroot: /tmp/tmp.CooHIy8770
Downloading http://www.openssl.org/source/openssl-1.0.1-beta2.tar.gz
######################################################################## 100.0%
Downloading http://www.apache.org/dist/httpd/httpd-2.2.21.tar.gz
######################################################################## 100.0%
Downloading https://issues.apache.org/bugzilla/attachment.cgi?id=27969context=patch
######################################################################## 100.0%
Uncompressing openssl-1.0.1-beta2.tar.gz ... done
Uncompressing httpd-2.2.21.tar.gz ... done
Applying Apache mod_ssl NPN patch ...
patching file modules/ssl/ssl_private.h
patching file modules/ssl/ssl_engine_init.c
patching file modules/ssl/ssl_engine_io.c
patching file modules/ssl/ssl_engine_kernel.c
patching file modules/ssl/mod_ssl.c
patching file modules/ssl/mod_ssl.h
done
Configuring OpenSSL ... done
Building OpenSSL (this may take a while) ... done

Configuring Apache mod_ssl ... done
Building Apache mod_ssl (this may take a while) ... done

Generated mod_ssl.so at /root/modssl/mod_ssl.so.
mod_spdy
• Built from source
• mkdir mod_spdy; cd mod_spdy
• svn co http://src.chromium.org/svn/trunk/tools/depot_tools
• export PATH="$PATH":`pwd`/depot_tools
• gclient config http://mod-spdy.googlecode.com/svn/trunk/src
• gclient sync --force
• cd src; make BUILDTYPE=Release

• sudo cp out/Release/libmod_spdy.so /etc/httpd/modules/mod_spdy.so
• vi /etc/httpd/conf.d/spdy.conf

LoadModule spdy_module /etc/httpd/modules/mod_spdy.so
SpdyEnabled on
chrome://net-internals/#spdy
Is it spdy?
• www.devthought.com/2012/03/10/chrome-spdy-indicator/
• ckon.wordpress.com/2012/03/11/spdy-indicator-for-firefox/
HTTP: 2.07 seconds
HTTPS: 4.94 seconds
SPDY: 2.65 seconds
real HTTP: 17.83 seconds
real SPDY: 11.70 seconds
Online Demo
• www.modspdy.com/world-flags/
www.belshe.com/2012/08/20/visualizing-spdy-vs-http
LET'S MAKE THE WEB
FASTER


SPDY - http reloaded - WebTechConference 2012

  • 1. Fabian Lange SPDY - http reloaded
  • 2. (WILL BE) PART OF HTTP/2.0
  • 3. HTTP Problems • Single request per connection. Because HTTP can only fetch one resource at a time (HTTP pipelining helps, but still enforces only a FIFO queue), a server delay of 500 ms prevents reuse of the TCP channel for additional requests. Browsers work around this problem by using multiple connections. Since 2008, most browsers have finally moved from 2 connections per domain to 6. • Exclusively client-initiated requests. In HTTP, only the client can initiate a request. Even if the server knows the client needs a resource, it has no mechanism to inform the client and must instead wait to receive a request for the resource from the client. • Uncompressed request and response headers. Request headers today vary in size from ~200 bytes to over 2KB. As applications use more cookies and user agents expand features, typical header sizes of 700-800 bytes is common. For modems or ADSL connections, in which the uplink bandwidth is fairly low, this latency can be significant. Reducing the data in headers could directly improve the serialization latency to send requests. • Redundant headers. In addition, several headers are repeatedly sent across requests on the same channel. However, headers such as the User-Agent, Host, and Accept* are generally static and do not need to be resent. • Optional data compression. HTTP uses optional compression encodings for data. Content should always be sent in a compressed format. Source: http://dev.chromium.org/spdy/spdy-whitepaper
  • 4. Web Requests Are Simple • Open a connection • Send a request • Receive a response • Done
  • 5.
  • 7. How to Avoid Requests • Caching • Domain Sharding – Browser Limits • Keep Alive – Dedicated Connections – Waste Ressources • Pipelining
  • 8. TCP Handshake 0ms 1) Host A sends a TCP SYNchronize packet to Host B 25ms 2) Host B receives A's SYN 25ms 3) Host B sends a SYNchronize-ACKnowledgement 50ms 4) Host A receives B's SYN-ACK 75ms 5) Host A sends ACKnowledge and data 75ms 6) Host B receives ACK and data. • With a "distance" of just 25ms, this takes us 75ms until data arrives at server
  • 9.
  • 10. Initial Window • Congestion Control Mechanism • Avoid overloading clients • Each ACK of the client increases window • RFC 3390 – Increasing icwnd – Small Resonses are complete without ACK – Avoid the ACK RTT
  • 11. Pushing over http • Push === Long Polling • Consumes one connection on clients • On server – Used to be expensive to hold – Modern servers have evented I/O • WebSockets
  • 12. Headers http://blog.codecentric.de/ Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding gzip, deflate Accept-Language de-de,de;q=0.8,en-us;q=0.5,en;q=0.3 Connection keep-alive __utma=40497137.1800912468.1315901303.1328525769.1328537171.234; __utmz=40497137.1326462670.198.110.utmcsr=twitterfeed|utmccn=blogfee d_de|utmcmd=twitter; wp-settings- 3=editor%3Dhtml%26m0%3Do%26m1%3Do%26m2%3Do%26m3%3Dc%2 6m4%3Do%26m5%3Do%26m6%3Do%26m7%3Do%26m8%3Do%26m9%3 Cookie Do%26m10%3Do%26m11%3Do%26align%3Dcenter%26imgsize%3Dfull%2 6urlbutton%3Dnone%26hidetb%3D0; wp-settings-time-3=1328519940; __utma=162617902.1417890302.1315914276.1328537194.1328541774.63; __utmz=162617902.1328537194.62.41.utmcsr=blog.codecentric.de|utmccn =(referral)|utmcmd=referral|utmcct=/; wp-settings-time-81=1321966374 Host blog.codecentric.de Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0) Gecko/20100101 User-Agent Firefox/10.0
  • 13. Headers http://blog.codecentric.de/files/2012/02/adlite.png Accept image/png,image/*;q=0.8,*/*;q=0.5 Accept-Encoding gzip, deflate Accept-Language de-de,de;q=0.8,en-us;q=0.5,en;q=0.3 Connection keep-alive __utma=162617902.1417890302.1315914276.1328537194.1328541774.63; __utmz=162617902.1328537194.62.41.utmcsr=blog.codecentric.de|utmccn=(referral) |utmcmd=referral|utmcct=/; wp-settings- Cookie 3=m0%3Do%26m1%3Do%26m5%3Do%26m4%3Do%26editor%3Dhtml%26wplink% 3D1%26align%3Dcenter%26imgsize%3Dfull%26hidetb%3D1%26m7%3Do%26m9% 3Do; wp-settings-time-3=1326290899 Host blog.codecentric.de Referer http://blog.codecentric.de/ User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0) Gecko/20100101 Firefox/10.0
  • 14. Content Compression • Gzip is optional • But generally best practice LoadModule deflate_module /usr/lib/httpd/modules/mod_deflate.so
  • 15. SPDY TO THE RESCUE
  • 16. SPDY Solutions • Allow many concurrent HTTP requests to run across a single TCP session. • Reduce the bandwidth currently used by HTTP by compressing headers and eliminating unnecessary headers. • Make SSL the underlying transport protocol, for better security and compatibility with existing network infrastructure. Although SSL does introduce a latency penalty, we believe that the long-term future of the web depends on a secure network connection. In addition, the use of SSL is necessary to ensure that communication across existing proxies is not broken. • Enable the server to initiate communications with the client and push data to the client whenever possible. Source: http://dev.chromium.org/spdy/spdy-whitepaper
  • 17. Connection Multiplexing • Single TCP Connection transports all requests • TCP Handshake still exists • Initial cwnd should be 16
  • 18. Compression • All data is compressed • Includes headers • Redundant data is removed – User Agent of the second request is known to be the same as on the first
  • 19. CRIME • Compression Ratio Info-leak Made Easy • Cookie value can be detected when compression is effective Sources: threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512 security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor/19914
  • 20. Cookie: JSESSIONID=1234 c: jid=1234 d: kje=2345
  • 21. Cookie: JSESSIONID=1234 Cookie: JSESSIONID=9876 X[i] = c: jid= [i]1234 [i]9876 Y[j] = d: kje= [j]2345 [j]0987
  • 22. Cookie: JSESSIONID=1234 Cookie: JSESSIONID=1235 X[i] = c: jid=123 [i]4 [i]5 Y[j] = d: kje=234 [j]5 [j]6
  • 23. Fixes • Don't compress headers • Use a compressor that is not affected
  • 24. SSL • Not said to be a problem with HTTP • SSL should be default – But actually expensive • SSL hides SPDY traffic, so that proxies don't break it
  • 25. Pushing • Long Lasting Connection By Design • Send does not close the "request" • Two flavors – Server push – Server hint
  • 26. Compatibility • SPDY is backwards compatible • Uses Next Protocol Negotiation – tools.ietf.org/html/draft-agl-tls-nextprotoneg-02
  • 27. Adoption • Facebook implements and favors SPDY http://lists.w3.org/Archives/Public/ietf-http-wg/2012JulSep/0251.html • Twitter implements and favors SPDY http://lists.w3.org/Archives/Public/ietf-http-wg/2012JulSep/0250.html • Google implements and favors SPDY http://lists.w3.org/Archives/Public/ietf-http-wg/2012JulSep/0219.html • Mozilla implements and favors SPDY http://lists.w3.org/Archives/Public/ietf-http-wg/2012JulSep/0156.html • Wordpress.com uses SPDY https://twitter.com/wordpressdotcom/statuses/238741078172389377
  • 28. Concerns • Encryption by default renders network caching useless
  • 29. SPDY Support
      Clients
      • Chrome
        – since 11
        – Ice Cream Sandwich
      • Amazon Silk
        – Kindle Fire
      • Firefox
        – Since 13
      • Opera
        – Since 12.1
      Server
      • Apache mod_spdy
      • erlang-spdy
      • node-spdy
      • Netty 3.3.1
        – Means JBoss
      • Jetty 7.6.2
      • Nginx 1.3
      • Tomcat 8.0.0-dev
  • 31. SPDY Drafts • dev.chromium.org/spdy/spdy-protocol/spdy-protocol-draft1 – First draft 2009 • dev.chromium.org/spdy/spdy-protocol/spdy-protocol-draft2 – Changes to server push • dev.chromium.org/spdy/spdy-protocol/spdy-protocol-draft3 – Flow control • Draft 4 will feature compression and QoS changes
  • 32. DEMO: MIGRATING PHP ON APACHE TO SUPPORT SPDY
  • 33. PHP is not Threadsafe • The way SPDY works is incompatible with non threadsafe implementations – one connection one httpd worker – But multiple requests • Zend Threadsafe does not support some features (mysql!) • Need to externalize it with cgi
  • 34. mod_php to mod_fcgid + php
      • yum install mod_fcgid
      • vi /etc/httpd/conf/httpd.conf
          <Directory "/var/www/html">
              Options Indexes FollowSymLinks ExecCGI
          </Directory>
      • mv /etc/httpd/conf.d/php.conf /etc/httpd/conf.d/php.conf.bak
      • vi /etc/httpd/conf.d/fcgid.conf
  • 35.
      DirectoryIndex index.php
      AddHandler fcgid-script .fcgi .php
      DefaultInitEnv PHPRC "/etc/"
      MaxRequestsPerProcess 1000
      MaxProcessCount 10
      MaxRequestLen 209715200
      IPCCommTimeout 240
      IdleTimeout 240
      FCGIWrapper /usr/bin/php-cgi .php
  • 36. mod_prefork to mod_worker
      • Needs recompilation
      • Luckily we have both already
        – httpd -V | grep MPM
        – httpd.worker -V | grep MPM
      • sudo vi /etc/init.d/httpd
          httpd=${HTTPD-/usr/sbin/httpd.worker}
          prog=httpd.worker
  • 37. mod_ssl
      • We need mod_ssl patched with NPN
      • yum install subversion curl gcc-c++ patch binutils make
      • mkdir modssl; cd modssl
      • svn export http://mod-spdy.googlecode.com/svn/trunk/src/build_modssl_with_npn.sh
      • ./build_modssl_with_npn.sh
      • cp /root/modssl/mod_ssl.so /etc/httpd/modules/mod_ssl.so
  • 38.
      [root@centos57 modssl]# ./build_modssl_with_npn.sh
      Using buildroot: /tmp/tmp.CooHIy8770
      Downloading http://www.openssl.org/source/openssl-1.0.1-beta2.tar.gz
      ######################################################################## 100.0%
      Downloading http://www.apache.org/dist/httpd/httpd-2.2.21.tar.gz
      ######################################################################## 100.0%
      Downloading https://issues.apache.org/bugzilla/attachment.cgi?id=27969context=patch
      ######################################################################## 100.0%
      Uncompressing openssl-1.0.1-beta2.tar.gz ... done
      Uncompressing httpd-2.2.21.tar.gz ... done
      Applying Apache mod_ssl NPN patch ...
      patching file modules/ssl/ssl_private.h
      patching file modules/ssl/ssl_engine_init.c
      patching file modules/ssl/ssl_engine_io.c
      patching file modules/ssl/ssl_engine_kernel.c
      patching file modules/ssl/mod_ssl.c
      patching file modules/ssl/mod_ssl.h
      done
      Configuring OpenSSL ... done
      Building OpenSSL (this may take a while) ... done
      Configuring Apache mod_ssl ... done
      Building Apache mod_ssl (this may take a while) ... done
      Generated mod_ssl.so at /root/modssl/mod_ssl.so.
  • 39. mod_spdy
      • Built from source
      • mkdir mod_spdy; cd mod_spdy
      • svn co http://src.chromium.org/svn/trunk/tools/depot_tools
      • export PATH="$PATH":`pwd`/depot_tools
      • gclient config http://mod-spdy.googlecode.com/svn/trunk/src
      • gclient sync --force
      • cd src; make BUILDTYPE=Release
      • sudo cp out/Release/libmod_spdy.so /etc/httpd/modules/mod_spdy.so
      • vi /etc/httpd/conf.d/spdy.conf
          LoadModule spdy_module /etc/httpd/modules/mod_spdy.so
          SpdyEnabled on
  • 42. Is it spdy? • www.devthought.com/2012/03/10/chrome-spdy-indicator/ • ckon.wordpress.com/2012/03/11/spdy-indicator-for-firefox/
  • 50. LET'S MAKE THE WEB FASTER
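
Added example, not part of the slides: slides 18 to 23 state that SPDY compresses headers and that CRIME detects a cookie value when compression is effective. The sketch below measures that effect with zlib and checks the slide-23 fix of not compressing the cookie header. The host name, session ids, request path and the text header layout are constructed assumptions, not SPDY's wire format.

```python
import zlib

HOST = "blog.example"  # placeholder host, not taken from the slides


def shared_context_size(path, cookie):
    """Bytes on the wire when the whole header block goes through one
    DEFLATE stream, the arrangement slide 18 describes."""
    block = (f":path: {path}\r\nhost: {HOST}\r\n"
             f"cookie: JSESSIONID={cookie}\r\n").encode()
    return len(zlib.compress(block))


def cookie_uncompressed_size(path, cookie):
    """Slide-23 fix 'don't compress headers', applied to the cookie only:
    the non-secret headers are compressed, the cookie is sent as-is."""
    public = f":path: {path}\r\nhost: {HOST}\r\n".encode()
    secret = f"cookie: JSESSIONID={cookie}\r\n".encode()
    return len(zlib.compress(public)) + len(secret)


def length_depends_on_cookie(encoder, path, cookies):
    """True if equal-length cookies give different wire sizes for the same
    request path, i.e. the size is a side channel for the cookie value."""
    return len({encoder(path, c) for c in cookies}) > 1


# Constructed sample values: two session ids of equal length.
COOKIE_A = "3f9a1c07be5d42688d10a7c4e2b95f36"
COOKIE_B = "c84e6b21f07d93a55a3e19d7b60f42c8"
# A request path whose query string happens to repeat COOKIE_A.
PATH = f"/img?JSESSIONID={COOKIE_A}"

if __name__ == "__main__":
    for name, enc in [("shared context", shared_context_size),
                      ("cookie uncompressed", cookie_uncompressed_size)]:
        leaks = length_depends_on_cookie(enc, PATH, [COOKIE_A, COOKIE_B])
        print(f"{name}: A={enc(PATH, COOKIE_A)} B={enc(PATH, COOKIE_B)} "
              f"size depends on cookie: {leaks}")
```

With the shared context, the request whose cookie equals the string in the path is shorter, because DEFLATE replaces the repeated value with a back-reference. With the cookie kept out of the compressor, the size is the same for any cookie of that length.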