SlideShare a Scribd company logo

SPDY / W3C

Mike Belshe
Mike Belshe

I gave this presentation to the W3C TAG in Nov, 2011. The meeting notes are published here: http://www.w3.org/2001/tag/2011/11/04-minutes

1 of 19
Download to read offline
SPDY Moving to Standardization
Why am I talking to the W3C?
Major Players Already Engaged ● Google: Uses SPDY for all SSL Traffic ○ see about:net-internals in Chrome ● Firefox ○ currently implementing SPDY ● Amazon Kindle Fire ○ launching in a couple of weeks ○ using a very different, but wicked cool model for SPDY
Why did Google build SPDY?
What is SPDY? ● Multiplexing ○ Get the data off the client ● Compression ○ HTTP headers are excessive ○ Uplink bandwidth is limited ● Prioritization ○ Today the browser holds back ○ Priorities enable multiplexing ● Server Push ○ Websites do some of this today with data URLs
Why SSL? ● Technically a myth, SPDY doesn't require SSL. ● Started as a deployment reality ● But we need to secure the net. ○ Not just for finance and banks anymore!
What about Proxies? ● Proxies cause a lot of problems. ○ example: Pipelining, WebSockets ● We need to transition to explicit proxies instead of implicit ○ This is a hard change. ● SPDY does not address cacheable, secured content. It's simply out-of-scope for the project, but a very worthy project to solve.
What does Firefox say? From Patrick McManus: Number of parallel connections is exploding: ● NYT home page: 83 connections ● Google+: 64 connections ● Facebook photos: 75 connections He points out: ● This creates horrible NAT pressure. ● 83 concurrent tcp control blocks has potential for enormous queues ● "That means HTTP breaks real time apps - SPDY lets us mitigate that problem"
What is Kindle Fire doing? Amazon Kindle Internet Service A single SPDY connection for everything.
Time to Standardize ● It's clear others are finding SPDY compelling ○ Google, Firefox, Amazon, Cotendo, Strangeloop ● We don't want a non-interoperable pile of goo. ● Google is happy to standardize, and individuals from Google would like to play a role. But it will take its own form. ● Planning to do this through IETF in 2012.
Extra slides
With multiplexing:
HTTP Connections Average: 29 connections per page. 25%-tile = 10 50%-tile = 20 75%-tile = 39 95%-tile = 78
Deployment: Process of Elimination ● Avoid changing the lower-level transport ● Available transports: TCP or UDP. ○ Note: SCTP not an option due to NAT. ● UDP ○ We'd have to re-engineer TCP features. ● That leaves us with TCP. ○ Ok, so which port? 80 or 443?
Deployment: Port 80 ● Should be our first choice. ● Except HTTP runs on port 80. ● Proxies and intermediates make for a treacherous environment. ○ HTTP/1.1 1999 - Pipelining still not deployed ○ Compression negotiation ● Upgrade header requires a round trip ● WebSockets Data Shows that using HTTP over a non- standard port is less tampered with than port 80. ○ Success rate: ■ HTTP (port 80) 67% ■ HTTP (port 61985) 86% ■ HTTPS (port 443) 95%
Deployment: Port 443 ● Port 443 runs SSL/TLS. ○ Adds server authentication & encryption ● Handshake is extensible: ○ Next-Protocol-Negotiation www.ietf.org/id/draft-agl-tls-nextprotoneg-00.txt
Less is More - Conns, Bytes, Packets
Request Path SPDY (closer to actual) SPDY (human readable) 80 01 00 01 SYN frame 00 00 00 6b stream_id = 1 00 00 00 01 associated_stream_id = 0 00 00 00 00 priority = 1 40 00 00 04 num_headers = 4 06method04post [6]method[4]POST 03url1ahttp://blogger.com/my_blog [3]url[26]http://blogger.com/my_blog 0auser-agent13blahblahblah chrome [10]user-agent[19]blahblahblah chrome 07version08http/1.1 [7]version[8]HTTP/1.1 DATA frame stream_id = 1 00 00 00 01 flags = fin 01 00 00 1f length = 31 here is my very short blog post here is my very short blog post
Why does SPDY require SSL? ● It doesn't. ● Started as a deployment challenge. ● However, Chrome will never ship a version that is not SSL based, Firefox engineers agree as well.

Recommended

University of Delaware - Improving Web Protocols (early SPDY talk)
University of Delaware - Improving Web Protocols (early SPDY talk)University of Delaware - Improving Web Protocols (early SPDY talk)
University of Delaware - Improving Web Protocols (early SPDY talk)Mike Belshe
 
SPDY @Zynga
SPDY @ZyngaSPDY @Zynga
SPDY @ZyngaMike Belshe
 
Building dsl using groovy
Building dsl using groovyBuilding dsl using groovy
Building dsl using groovyPuneet Behl
 
Google Chromebook for the Enterprise: Yeah or Meh?
Google Chromebook for the Enterprise: Yeah or Meh?Google Chromebook for the Enterprise: Yeah or Meh?
Google Chromebook for the Enterprise: Yeah or Meh?Ericom Software
 
SPDY and What to Consider for HTTP/2.0
SPDY and What to Consider for HTTP/2.0SPDY and What to Consider for HTTP/2.0
SPDY and What to Consider for HTTP/2.0Mike Belshe
 
Compact Web - Remind "web compression" -
Compact Web - Remind "web compression" -Compact Web - Remind "web compression" -
Compact Web - Remind "web compression" -Tomokazu Kiyohara
 
Петър Николов. "Mobile Ecommerce Technical Performance"
Петър Николов. "Mobile Ecommerce Technical Performance"Петър Николов. "Mobile Ecommerce Technical Performance"
Петър Николов. "Mobile Ecommerce Technical Performance"DariaShalahinova
 
SPDY, TCP, and the Single Connection Throttle
SPDY, TCP, and the Single Connection ThrottleSPDY, TCP, and the Single Connection Throttle
SPDY, TCP, and the Single Connection ThrottleMike Belshe
 

Recommended

University of Delaware - Improving Web Protocols (early SPDY talk)
University of Delaware - Improving Web Protocols (early SPDY talk)University of Delaware - Improving Web Protocols (early SPDY talk)
University of Delaware - Improving Web Protocols (early SPDY talk)Mike Belshe
 
SPDY @Zynga
SPDY @ZyngaSPDY @Zynga
SPDY @ZyngaMike Belshe
 
Building dsl using groovy
Building dsl using groovyBuilding dsl using groovy
Building dsl using groovyPuneet Behl
 
Google Chromebook for the Enterprise: Yeah or Meh?
Google Chromebook for the Enterprise: Yeah or Meh?Google Chromebook for the Enterprise: Yeah or Meh?
Google Chromebook for the Enterprise: Yeah or Meh?Ericom Software
 
SPDY and What to Consider for HTTP/2.0
SPDY and What to Consider for HTTP/2.0SPDY and What to Consider for HTTP/2.0
SPDY and What to Consider for HTTP/2.0Mike Belshe
 
Compact Web - Remind "web compression" -
Compact Web - Remind "web compression" -Compact Web - Remind "web compression" -
Compact Web - Remind "web compression" -Tomokazu Kiyohara
 
Петър Николов. "Mobile Ecommerce Technical Performance"
Петър Николов. "Mobile Ecommerce Technical Performance"Петър Николов. "Mobile Ecommerce Technical Performance"
Петър Николов. "Mobile Ecommerce Technical Performance"DariaShalahinova
 
SPDY, TCP, and the Single Connection Throttle
SPDY, TCP, and the Single Connection ThrottleSPDY, TCP, and the Single Connection Throttle
SPDY, TCP, and the Single Connection ThrottleMike Belshe
 
SPDY - http reloaded - WebTechConference 2012
SPDY - http reloaded - WebTechConference 2012SPDY - http reloaded - WebTechConference 2012
SPDY - http reloaded - WebTechConference 2012Fabian Lange
 
SPDY
SPDYSPDY
SPDYDaniel Stenberg
 
The SPDY Protocol
The SPDY ProtocolThe SPDY Protocol
The SPDY ProtocolFabian Lange
 
Interconnection Automation For All - Extended - MPS 2023
Interconnection Automation For All - Extended - MPS 2023Interconnection Automation For All - Extended - MPS 2023
Interconnection Automation For All - Extended - MPS 2023Chris Grundemann
 
Pen Testing Development
Pen Testing DevelopmentPen Testing Development
Pen Testing DevelopmentCTruncer
 
SPDY
SPDYSPDY
SPDYAndreas Bjärlestam
 
HTML5 - The Good, the Bad, the Ugly
HTML5 - The Good, the Bad, the UglyHTML5 - The Good, the Bad, the Ugly
HTML5 - The Good, the Bad, the UglyMario Heiderich
 
SPDY - or maybe HTTP2.0
SPDY - or maybe HTTP2.0SPDY - or maybe HTTP2.0
SPDY - or maybe HTTP2.0Andreas Bjärlestam
 
Harnessing the cloud_for_saa_s_hosted_platfor
Harnessing the cloud_for_saa_s_hosted_platforHarnessing the cloud_for_saa_s_hosted_platfor
Harnessing the cloud_for_saa_s_hosted_platforLuke Summerfield
 
Stanford Drupal Camp 2015 - Repelling Bots, DDOS, and other Fiends
Stanford Drupal Camp 2015 - Repelling Bots, DDOS, and other FiendsStanford Drupal Camp 2015 - Repelling Bots, DDOS, and other Fiends
Stanford Drupal Camp 2015 - Repelling Bots, DDOS, and other FiendsSuzanne Aldrich
 
The bond between automation and network engineering
The bond between automation and network engineeringThe bond between automation and network engineering
The bond between automation and network engineeringJimmy Lim
 
Building a Small Datacenter
Building a Small DatacenterBuilding a Small Datacenter
Building a Small Datacenterssuser4b98f0
 
Building a Small DC
Building a Small DCBuilding a Small DC
Building a Small DCAPNIC
 
Digital certificates
Digital certificatesDigital certificates
Digital certificatesDouglasPickett
 
Automatic Backup via FTP - Part 1
Automatic Backup via FTP - Part 1Automatic Backup via FTP - Part 1
Automatic Backup via FTP - Part 1GLC Networks
 
SPDY
SPDYSPDY
SPDYgavinthirlwall
 
Socket Programming with Python
Socket Programming with PythonSocket Programming with Python
Socket Programming with PythonGLC Networks
 
Website & Internet + Performance testing
Website & Internet + Performance testingWebsite & Internet + Performance testing
Website & Internet + Performance testingRoman Ananev
 
Secure software supply chain on a shoestring budget
Secure software supply chain on a shoestring budgetSecure software supply chain on a shoestring budget
Secure software supply chain on a shoestring budgetLars Albertsson
 
kranonit S06E01 Игорь Цинько: High load
kranonit S06E01 Игорь Цинько: High loadkranonit S06E01 Игорь Цинько: High load
kranonit S06E01 Игорь Цинько: High loadKrivoy Rog IT Community
 

More Related Content

Similar to SPDY / W3C

SPDY - http reloaded - WebTechConference 2012
SPDY - http reloaded - WebTechConference 2012SPDY - http reloaded - WebTechConference 2012
SPDY - http reloaded - WebTechConference 2012Fabian Lange
 
Interconnection Automation For All - Extended - MPS 2023
Interconnection Automation For All - Extended - MPS 2023Interconnection Automation For All - Extended - MPS 2023
Interconnection Automation For All - Extended - MPS 2023Chris Grundemann
 
Pen Testing Development
Pen Testing DevelopmentPen Testing Development
Pen Testing DevelopmentCTruncer
 
HTML5 - The Good, the Bad, the Ugly
HTML5 - The Good, the Bad, the UglyHTML5 - The Good, the Bad, the Ugly
HTML5 - The Good, the Bad, the UglyMario Heiderich
 
Harnessing the cloud_for_saa_s_hosted_platfor
Harnessing the cloud_for_saa_s_hosted_platforHarnessing the cloud_for_saa_s_hosted_platfor
Harnessing the cloud_for_saa_s_hosted_platforLuke Summerfield
 
Stanford Drupal Camp 2015 - Repelling Bots, DDOS, and other Fiends
Stanford Drupal Camp 2015 - Repelling Bots, DDOS, and other FiendsStanford Drupal Camp 2015 - Repelling Bots, DDOS, and other Fiends
Stanford Drupal Camp 2015 - Repelling Bots, DDOS, and other FiendsSuzanne Aldrich
 
The bond between automation and network engineering
The bond between automation and network engineeringThe bond between automation and network engineering
The bond between automation and network engineeringJimmy Lim
 
Building a Small Datacenter
Building a Small DatacenterBuilding a Small Datacenter
Building a Small Datacenterssuser4b98f0
 
Building a Small DC
Building a Small DCBuilding a Small DC
Building a Small DCAPNIC
 
Automatic Backup via FTP - Part 1
Automatic Backup via FTP - Part 1Automatic Backup via FTP - Part 1
Automatic Backup via FTP - Part 1GLC Networks
 
Socket Programming with Python
Socket Programming with PythonSocket Programming with Python
Socket Programming with PythonGLC Networks
 
Website & Internet + Performance testing
Website & Internet + Performance testingWebsite & Internet + Performance testing
Website & Internet + Performance testingRoman Ananev
 
Secure software supply chain on a shoestring budget
Secure software supply chain on a shoestring budgetSecure software supply chain on a shoestring budget
Secure software supply chain on a shoestring budgetLars Albertsson
 
kranonit S06E01 Игорь Цинько: High load
kranonit S06E01 Игорь Цинько: High loadkranonit S06E01 Игорь Цинько: High load
kranonit S06E01 Игорь Цинько: High loadKrivoy Rog IT Community
 

Similar to SPDY / W3C (20)

SPDY - http reloaded - WebTechConference 2012
SPDY - http reloaded - WebTechConference 2012SPDY - http reloaded - WebTechConference 2012
SPDY - http reloaded - WebTechConference 2012
 
SPDY
SPDYSPDY
SPDY
 
The SPDY Protocol
The SPDY ProtocolThe SPDY Protocol
The SPDY Protocol
 
Interconnection Automation For All - Extended - MPS 2023
Interconnection Automation For All - Extended - MPS 2023Interconnection Automation For All - Extended - MPS 2023
Interconnection Automation For All - Extended - MPS 2023
 
Pen Testing Development
Pen Testing DevelopmentPen Testing Development
Pen Testing Development
 
SPDY
SPDYSPDY
SPDY
 
HTML5 - The Good, the Bad, the Ugly
HTML5 - The Good, the Bad, the UglyHTML5 - The Good, the Bad, the Ugly
HTML5 - The Good, the Bad, the Ugly
 
SPDY - or maybe HTTP2.0
SPDY - or maybe HTTP2.0SPDY - or maybe HTTP2.0
SPDY - or maybe HTTP2.0
 
Harnessing the cloud_for_saa_s_hosted_platfor
Harnessing the cloud_for_saa_s_hosted_platforHarnessing the cloud_for_saa_s_hosted_platfor
Harnessing the cloud_for_saa_s_hosted_platfor
 
Stanford Drupal Camp 2015 - Repelling Bots, DDOS, and other Fiends
Stanford Drupal Camp 2015 - Repelling Bots, DDOS, and other FiendsStanford Drupal Camp 2015 - Repelling Bots, DDOS, and other Fiends
Stanford Drupal Camp 2015 - Repelling Bots, DDOS, and other Fiends
 
The bond between automation and network engineering
The bond between automation and network engineeringThe bond between automation and network engineering
The bond between automation and network engineering
 
Building a Small Datacenter
Building a Small DatacenterBuilding a Small Datacenter
Building a Small Datacenter
 
Building a Small DC
Building a Small DCBuilding a Small DC
Building a Small DC
 
Digital certificates
Digital certificatesDigital certificates
Digital certificates
 
Automatic Backup via FTP - Part 1
Automatic Backup via FTP - Part 1Automatic Backup via FTP - Part 1
Automatic Backup via FTP - Part 1
 
SPDY
SPDYSPDY
SPDY
 
Socket Programming with Python
Socket Programming with PythonSocket Programming with Python
Socket Programming with Python
 
Website & Internet + Performance testing
Website & Internet + Performance testingWebsite & Internet + Performance testing
Website & Internet + Performance testing
 
Secure software supply chain on a shoestring budget
Secure software supply chain on a shoestring budgetSecure software supply chain on a shoestring budget
Secure software supply chain on a shoestring budget
 
kranonit S06E01 Игорь Цинько: High load
kranonit S06E01 Игорь Цинько: High loadkranonit S06E01 Игорь Цинько: High load
kranonit S06E01 Игорь Цинько: High load
 

SPDY / W3C

  • 2. Why am I talking to the W3C?
  • 3. Major Players Already Engaged ● Google: Uses SPDY for all SSL Traffic ○ see about:net-internals in Chrome ● Firefox ○ currently implementing SPDY ● Amazon Kindle Fire ○ launching in a couple of weeks ○ using a very different, but wicked cool model for SPDY
  • 4. Why did Google build SPDY?
  • 5. What is SPDY? ● Multiplexing ○ Get the data off the client ● Compression ○ HTTP headers are excessive ○ Uplink bandwidth is limited ● Prioritization ○ Today the browser holds back ○ Priorities enable multiplexing ● Server Push ○ Websites do some of this today with data URLs
  • 6. Why SSL? ● Technically a myth, SPDY doesn't require SSL. ● Started as a deployment reality ● But we need to secure the net. ○ Not just for finance and banks anymore!
  • 7. What about Proxies? ● Proxies cause a lot of problems. ○ example: Pipelining, WebSockets ● We need to transition to explicit proxies instead of implicit ○ This is a hard change. ● SPDY does not address cacheable, secured content. It's simply out-of-scope for the project, but a very worthy project to solve.
  • 8. What does Firefox say? From Patrick McManus: Number of parallel connections is exploding: ● NYT home page: 83 connections ● Google+: 64 connections ● Facebook photos: 75 connections He points out: ● This creates horrible NAT pressure. ● 83 concurrent tcp control blocks has potential for enormous queues ● "That means HTTP breaks real time apps - SPDY lets us mitigate that problem"
  • 9. What is Kindle Fire doing? Amazon Kindle Internet Service A single SPDY connection for everything.
  • 10. Time to Standardize ● It's clear others are finding SPDY compelling ○ Google, Firefox, Amazon, Cotendo, Strangeloop ● We don't want a non-interoperable pile of goo. ● Google is happy to standardize, and individuals from Google would like to play a role. But it will take its own form. ● Planning to do this through IETF in 2012.
  • 13. HTTP Connections Average: 29 connections per page. 25%-tile = 10 50%-tile = 20 75%-tile = 39 95%-tile = 78
  • 14. Deployment: Process of Elimination ● Avoid changing the lower-level transport ● Available transports: TCP or UDP. ○ Note: SCTP not an option due to NAT. ● UDP ○ We'd have to re-engineer TCP features. ● That leaves us with TCP. ○ Ok, so which port? 80 or 443?
  • 15. Deployment: Port 80 ● Should be our first choice. ● Except HTTP runs on port 80. ● Proxies and intermediates make for a treacherous environment. ○ HTTP/1.1 1999 - Pipelining still not deployed ○ Compression negotiation ● Upgrade header requires a round trip ● WebSockets Data Shows that using HTTP over a non- standard port is less tampered with than port 80. ○ Success rate: ■ HTTP (port 80) 67% ■ HTTP (port 61985) 86% ■ HTTPS (port 443) 95%
  • 16. Deployment: Port 443 ● Port 443 runs SSL/TLS. ○ Adds server authentication & encryption ● Handshake is extensible: ○ Next-Protocol-Negotiation www.ietf.org/id/draft-agl-tls-nextprotoneg-00.txt
  • 17. Less is More - Conns, Bytes, Packets
  • 18. Request Path SPDY (closer to actual) SPDY (human readable) 80 01 00 01 SYN frame 00 00 00 6b stream_id = 1 00 00 00 01 associated_stream_id = 0 00 00 00 00 priority = 1 40 00 00 04 num_headers = 4 06method04post [6]method[4]POST 03url1ahttp://blogger.com/my_blog [3]url[26]http://blogger.com/my_blog 0auser-agent13blahblahblah chrome [10]user-agent[19]blahblahblah chrome 07version08http/1.1 [7]version[8]HTTP/1.1 DATA frame stream_id = 1 00 00 00 01 flags = fin 01 00 00 1f length = 31 here is my very short blog post here is my very short blog post
  • 19. Why does SPDY require SSL? ● It doesn't. ● Started as a deployment challenge. ● However, Chrome will never ship a version that is not SSL based, Firefox engineers agree as well.