The SPDY Protocol is likely going to be the successor of http. This short talk summarizes the most important points and includes a demo on how to migrate a Wordpress blog on httpd.
3. HTTP Problems
• Single request per connection. Because HTTP can only fetch one resource at a time (HTTP
pipelining helps, but still enforces only a FIFO queue), a server delay of 500 ms prevents
reuse of the TCP channel for additional requests. Browsers work around this problem by
using multiple connections. Since 2008, most browsers have finally moved from 2
connections per domain to 6.
• Exclusively client-initiated requests. In HTTP, only the client can initiate a request. Even if
the server knows the client needs a resource, it has no mechanism to inform the client and
must instead wait to receive a request for the resource from the client.
• Uncompressed request and response headers. Request headers today vary in size from
~200 bytes to over 2KB. As applications use more cookies and user agents expand
features, typical header sizes of 700-800 bytes is common. For modems or ADSL
connections, in which the uplink bandwidth is fairly low, this latency can be
significant. Reducing the data in headers could directly improve the serialization latency to
send requests.
• Redundant headers. In addition, several headers are repeatedly sent across requests on the
same channel. However, headers such as the User-Agent, Host, and Accept* are generally
static and do not need to be resent.
• Optional data compression. HTTP uses optional compression encodings for data. Content
should always be sent in a compressed format.
Source: http://dev.chromium.org/spdy/spdy-whitepaper
4. Web Requests Are Simple
• Open a connection
• Send a request
• Receive a response
• Done
8. TCP Handshake
0ms 1) Host A sends a TCP SYNchronize packet to Host B
25ms 2) Host B receives A's SYN
25ms 3) Host B sends a SYNchronize-ACKnowledgement
50ms 4) Host A receives B's SYN-ACK
75ms 5) Host A sends ACKnowledge and data
75ms 6) Host B receives ACK and data.
• With a "distance" of just 25ms, this takes
us 75ms until data arrives at server
9.
10. Initial Window
• Congestion Control Mechanism
• Avoid overloading clients
• Each ACK of the client increases
window
• RFC 3390
– Increasing icwnd
– Small Resonses are complete without ACK
– Avoid the ACK RTT
11. Pushing over http
• Push === Long Polling
• Consumes one connection on clients
• On server
– Used to be expensive to hold
– Modern servers have evented I/O
• WebSockets
16. SPDY Solutions
• Allow many concurrent HTTP requests to run across a
single TCP session.
• Reduce the bandwidth currently used by HTTP by
compressing headers and eliminating unnecessary
headers.
• Make SSL the underlying transport protocol, for better
security and compatibility with existing network
infrastructure. Although SSL does introduce a latency
penalty, we believe that the long-term future of the web
depends on a secure network connection. In addition, the
use of SSL is necessary to ensure that communication
across existing proxies is not broken.
• Enable the server to initiate communications with the
client and push data to the client whenever possible.
Source: http://dev.chromium.org/spdy/spdy-whitepaper
18. Compression
• All data is compressed
• Includes headers
• Redundand data is removed
– User Agent of second request is known to
be same as on first
19. CRIME
• Compression Ratio Info-leak Made
Easy
• Cookie value can be detected when
compression is effective
Sources:
threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512
security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor/19914
24. SSL
• Not said to be a problem with HTTP
• SSL should be default
– But actually expensive
• SSL hides SPDY traffic, so that proxies
don't break it
25. Pushing
• Long Lasting Connection By Design
• Send does not close the "request"
• Two flavors
– Server push
– Server hint
26. Compatibility
• SPDY is backwards compatible
• Uses Next Protocol Negotiation
– tools.ietf.org/html/draft-agl-tls-
nextprotoneg-02
27. Adoption
• Facebook implements and favors SPDY
http://lists.w3.org/Archives/Public/ietf-http-wg/2012JulSep/0251.html
• Twitter implements and favors SPDY
http://lists.w3.org/Archives/Public/ietf-http-wg/2012JulSep/0250.html
• Google implements and favors SPDY
http://lists.w3.org/Archives/Public/ietf-http-wg/2012JulSep/0219.html
• Mozilla implements and favors SPDY
http://lists.w3.org/Archives/Public/ietf-http-wg/2012JulSep/0156.html
• Wordpress.com uses SPDY
https://twitter.com/wordpressdotcom/statuses/238741078172389377
33. PHP is not Threadsafe
• The way SPDY works is incompatible
with non threadsafe implementations
– one connection one httpd worker
– But multiple requests
• Zend Threadsafe does not support
some features (mysql!)
• Need to externalize it with cgi
34. mod_php to mod_fcgid + php
• yum install mod_fcgid
• vi /etc/httpd/conf/httpd.conf
<Directory "/var/www/html">
Options Indexes FollowSymLinks ExecCGI
</Directory>
• mv /etc/httpd/conf.d/php.conf
/etc/httpd/conf.d/php.conf.bak
• vi /etc/httpd/conf.d/fcgid.conf