Daniel Stenberg explains HTTP/3 and QUIC at GOTO 10, January 22, 2019. This is the slideset, see https://daniel.haxx.se/blog/2019/01/23/http-3-talk-on-video/ for the video.
HTTP/3 is the designated name for the coming next version of the protocol that is currently under development within the QUIC working group in the IETF.
HTTP/3 is designed to improve in areas where HTTP/2 still has some shortcomings, primarily by changing the transport layer. HTTP/3 is the first major protocol to step away from TCP and instead it uses QUIC.
Why the new protocols are deemed necessary, how they work, how they change how things are sent over the network and what some of the coming deployment challenges will be.
As you will see in this film, there are a lot of questions from an interested and educated audience.
Daniel Stenberg is the founder and lead developer of the curl project. He has worked on HTTP implementations for over twenty years. He has been involved in the HTTPbis working group in IETF for ten years and he worked with HTTP in Firefox for years before he left Mozilla. He participates in the QUIC working group and is the author of the widely read documents ”HTTP2 explained” and ”HTTP/3 explained”.
4. AgendaAgenda
The road from HTTP 1 to 2 to 3The road from HTTP 1 to 2 to 3
Some details on TCP and TLSSome details on TCP and TLS
Problems with HTTP/2Problems with HTTP/2
Fixing TCP isn’t possibleFixing TCP isn’t possible
Why QUICWhy QUIC
How QUIC worksHow QUIC works
HTTP/3 is HTTP over QUICHTTP/3 is HTTP over QUIC
HTTP/3 is coming soon!HTTP/3 is coming soon!
5. Beware
I will presume basic networking knowledge
I will not show many protocol bytes or bits
Some details may change subtly before shipped
Feel free to interrupt and ask at any time!
16. OssificationOssification
Internet is full of boxes
Routers, gateways, firewalls, load balancers,
NATs...
Boxes run software to handle network data
Middle-boxes work on existing protocols
Upgrade much slower than edges
23. Built on experiences by Google QUIC
Google deployed “http2 frames over UDP”-QUIC in 2013Google deployed “http2 frames over UDP”-QUIC in 2013
Widely used clientWidely used client
Widely used web servicesWidely used web services
Proven to work at web scaleProven to work at web scale
Taken to the IETF in 2015Taken to the IETF in 2015
QUIC working group started 2016QUIC working group started 2016
IETF QUIC is now very different than Google QUIC wasIETF QUIC is now very different than Google QUIC was
24. Improvements
TCP head of line blockingTCP head of line blocking
Faster handshakesFaster handshakes
Earlier dataEarlier data
More encryption, alwaysMore encryption, always
Future developmentFuture development
25. Build on top of UDP
TCP and UDP remain “the ones”TCP and UDP remain “the ones”
Use UDP instead of IPUse UDP instead of IP
Reliable transport protocol - inReliable transport protocol - in
user-spaceuser-space
A little like TCP + TLSA little like TCP + TLS
26. UDP isn’t reliable, QUIC is
UDP
Connectionless
No resends
No flow control
QUIC
Uses UDP like TCP uses IP
Adds connections, resends and flow control on top
27. Streams!
QUIC provides streams
Many logical flows within a single connection
Similar to HTTP/2 but in the transport layer
Independent streams
29. Application protocols over QUICApplication protocols over QUIC
Streams for free
Could be “any protocol”
HTTP worked on as the first
Others are planned to follow
31. HTTP – same but different
RequestRequest
- method + path- method + path
- headers- headers
- body- body
ResponseResponse
- response code- response code
- headers- headers
- body- body
32. HTTP – same but different
HTTP/1 – in ASCII over TCP
HTTP/2 – binary multiplexed over TCP
HTTP/3 – binary over multiplexed QUIC
33. Stacks: HTTP/2 vs HTTP/3
IP
TCP
TLS 1.2+
HTTP/2
UDP
HTTP/3
QUIC
TLS 1.3
IP
34. Features: HTTP/2 vs HTTP/3
HTTP/2 HTTP/3
Transport TCP QUIC
Streams HTTP/2 QUIC
Clear-text version yes no
Independent streams no yes
Header compression HPACK QPACK
Server push yes yes
Early data In theory yes
0-RTT handshake no yes
35. QUIC is fasterQUIC is faster
data from Google done with Google QUIC
Shaving a full second off the Google Search page
load time for the slowest 1% of connections
18% less buffering time on YouTube
75% of connections can take advantage of QUIC’s
zero-round-trip feature
3% improvement in mean page google search load
time with QUIC
36. HTTPS is TCP?
HTTPS:// URLs are everywhereHTTPS:// URLs are everywhere
TCP (and TLS) on TCP port 443TCP (and TLS) on TCP port 443
37. This service - over there!
The Alt-Svc: response header
Another host, protocol or port number is the
same “origin”
This site also runs on HTTP/3 “over there”, for
the next NNNN seconds
39. HTTP/3 challenges
3-7% something of all QUIC attempts fail
Clients need “fall back” algorithms
CPU intensive
Unoptimized UDP stacks
“Funny” TLS layer
All QUIC stacks are user-land
No standard QUIC API
Lack of tooling
41. Implementations
Over a dozen QUIC implementations, but HTTP/3
lags behind
Google, Mozilla, Apple, Facebook, Akamai, Fastly,
Cloudflare, F5, LiteSpeed, and more
No browser has an implementation yet
Neither do Apache or nginx
curl doesn’t support HTTP/3 yet either
42. HTTP/3 deployments will take
time outside the top
HTTP/3 will grow slower than
HTTP/2 did
Some sites will stick to HTTP/
2
QUIC is for the long term
44. Take-aways
HTTP/3 is coming soonHTTP/3 is coming soon
HTTP/3 is always encryptedHTTP/3 is always encrypted
Similar to HTTP/2 but over QUICSimilar to HTTP/2 but over QUIC
QUIC is a transport done over UDPQUIC is a transport done over UDP
Challenges to overcomeChallenges to overcome
Live before summer 2019Live before summer 2019