Explains issues of HTTP/2, how they are to be solved, what can be done to control the protocol using ruby.

1. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Recent Advances in HTTP,
controlling them using ruby
DeNA Co., Ltd.
Kazuho Oku

2. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Who am I
 lead developer of H2O HTTP/2 server
⁃ one of the most sophisticated HTTP/2 impl.
⁃ initial public release: 2014/10 (license: MITL)
⁃ used by Fastly, etc.
 author of Cache-Digests Internet Draft
⁃ considered as an essential work for HTTP/2 push
 works at DeNA Co., Ltd.
 also developer of: Q4M, Starlet, pisojson, ...
2Recend Advances in HTTP2, controlling them using ruby

3. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Current State of HTTP
3Recend Advances in HTTP2, controlling them using ruby

4. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Why use HTTP/2?
 latency has become the bottleneck of the Web
 HTTP/2 to conceal latency by raising concurrency
⁃ 6 concurrent requests in HTTP/1
⁃ ~100 in HTTP/2
4Recend Advances in HTTP2, controlling them using ruby

5. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Current state of HTTP
 HTTP/2 (RFC 7540) released on May 2015
1: https://github.com/HTTPWorkshop/workshop2016/blob/master/talks/http2-review-data.pdf
5Recend Advances in HTTP2, controlling them using ruby
45
28
37
41
18
31
0% 20% 40% 60% 80% 100%
2015/7
2016/7
# of transactions by Firefox1
HTTP HTTPS (H1) HTTPS (H2)

6. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Key features of HTTP/2
 header compression (HPACK)
 multiplexing & prioritization
 push
6Recend Advances in HTTP2, controlling them using ruby

7. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Header compression
 working well
 according to Mozilla1:
⁃ median – 90% reduction
⁃ 80th percentile – 75% reduction
⁃ 90th – 10% reduction
7Recend Advances in HTTP2, controlling them using ruby

8. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Multiplexing & prioritization
 HTTP/2 multiplexes responses into one TCP conn.
⁃ client gives hint for prioritization
⁃ server uses the hint to schedule the responses
 but some client-server pairs don’t do it right
8Recend Advances in HTTP2, controlling them using ruby

9. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Push
 positive reports:
⁃ “20-30% speedup on page render time”2
 negative comments:
⁃ many unnecessary pushes (47% are reset2)
⁃ increased render time in anti-patterns3
⁃ “consider preload instead of push”3
 push from edge
⁃ how?
2: https://github.com/HTTPWorkshop/workshop2016/blob/master/talks/server-push.pdf
3: https://docs.google.com/document/d/1K0NykTXBbbbTlv60t5MyJvXjqKGsCVNYHyLEXIxYMv0/edit
9Recend Advances in HTTP2, controlling them using ruby

10. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Fixes?
10Recend Advances in HTTP2, controlling them using ruby

11. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Flow of an ideal HTTP transaction
 respond to high-priority requests
immediately
 send resources in right order
⁃ first send CSS/JS
⁃ then send the HTML
⁃ then send the images
 push only the resources not cached
by the client
11Recend Advances in HTTP2, controlling them using ruby
client server
1RTT

12. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
The reality
 respond to high-priority requests
immediately
⁃ blocked by unsent data in TCP
 send resources in right order
⁃ some browsers don’t specify
priority, some servers fail to
respect priority
⁃ issues caused by hidden resources
 push only the resources not cached
by the client
⁃ how?
12Recend Advances in HTTP2, controlling them using ruby
client server
1RTT

13. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
TCP head-of-line blocking
 head-of-line (HoL) blocking:
⁃ high-priority data blocked by preceding data in
flight
 TCP HoL blocking:
⁃ data in TCP send buffer blocks following data of
higher priority
13Recend Advances in HTTP2, controlling them using ruby

14. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
TCP head-of-line blocking
14Recend Advances in HTTP2, controlling them using ruby
 typical H2 server writes much more than that can be
sent immediately
⁃ unsent data in TCP send buffer (and TLS buffer)
HOL-blocks following data
TCP send buffer
CWND
unacked poll threshold
TLS buf.
TLS Records
sent immediately not immediately sent
HTTP/2 frames

15. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
TCP head-of-line blocking: the solution
 write only what can be sent immediately
⁃ obtain CWND and unacked size using TCP_INFO
 adjust poll threshold to delay write notification until
TCP becomes ready to send some data immediately
15Recend Advances in HTTP2, controlling them using ruby
CWND
unacked poll threshold
TLS Records
sent immediately not immediately sent
HTTP/2 frames
TCP send buffer

16. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
TCP head-of-line blocking: benchmark 1
16Recend Advances in HTTP2, controlling them using ruby
 conditions:
⁃ server in Ireland, client in Tokyo (RTT 250ms)
⁃ load tiny js at the top of a large HTML
 result: delay decreased from 511ms to 250ms
⁃ i.e. JS fetch latency was 2RTT, became 1 RTT
• similar results in other environments

17. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
TCP head-of-line blocking: benchmark 2
 using same data as previous
 server: Sakura VPS (Ishikari DC)
17Recend Advances in HTTP2, controlling them using ruby
0
50
100
150
200
250
300
HTML JS
milliseconds
downloading HTML (and JS within)
RTT ~25ms
master latopt

18. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
HTTP/2 prioritization
18Recend Advances in HTTP2, controlling them using ruby
Root
Leader G
Follower G
weight: 1
HTML
weight: 32
Image
weight: 22
Image
weight: 22
Image
weight: 22
CSS
weight: 32
CSS
weight: 32
 hybrid approach using weights and chaining
⁃ servers are expected to obey to the priority
specified by the clients
 Firefox’s prioritization graph is shown below
JS
weight: 32
JS
weight: 32

19. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
HTTP/2 prioritization
 some web browsers fail to specify priority
⁃ Safari, Blink
⁃ older versions of Chrome also had issues
⁃ server-side countermeasures required
19Recend Advances in HTTP2, controlling them using ruby
Root
HTML
weight: 16
CSS
weight: 16
JS
weight: 16
Image
weight: 16
Image
weight: 16
Image
weight: 16

20. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
HTTP/2 prioritization: the solution
 bandwidth distribution on server-side:
⁃ use Weighted Fair Queuing (WFQ) or Deficit
Round Robin (DRR)
⁃ some servers do it right:
• nghttp2 (and Apache) implements WFQ in O(log N)
• H2O approximates WFQ in O(1)
 detect dumb clients and fallback to server-driven
prioritization
⁃ H2O reprioritizes CSS, JS for clients that do not
use priority chains
20Recend Advances in HTTP2, controlling them using ruby

21. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
HTTP/2 prioritization: benchmark
 differences between the times spent until first-paint
(red bar)
21Recend Advances in HTTP2, controlling them using ruby

22. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Hidden resource
 hidden resource: a resource
specified in CSS (@import) or
JavaScript
⁃ was anti-pattern in HTTP/1
⁃ anti-pattern in HTTP/2 as well
 solution:
⁃ avoid use of hidden resources
that block rendering (e.g. CSS,
JS)
⁃ or, specify them using link:
rel=preload
22Recend Advances in HTTP2, controlling them using ruby
client server

23. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Push
 three use-cases:
⁃ prioritization
⁃ push while processing request
⁃ push from edge
23Recend Advances in HTTP2, controlling them using ruby

24. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Pushing for prioritization
24Recend Advances in HTTP2, controlling them using ruby
client server
GET /
GET
/style.css
HTTP/2 200 OK
<html>
<link
rel=style.css...
HTTP/2 200 OK
body: ...
#title: ...
1. send CSS, JS first
2. then send HTML
(can be rendered
progressively)
without push
client server
GET /
GET /style.css HTTP/2
HTTP/2 200 OK
body: ...
#title: ...
with push
HTTP/2 200 OK
<html>
<link rel=style.css ...

25. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Push while processing request
 web applications involving DB access, etc.
25Recend Advances in HTTP2, controlling them using ruby
req.
processrequest
push-asset
HTML
push-asset
push-asset
push-asset
req.
processrequest
asset
HTML
asset
asset
asset
req.
450ms(5RTT+processingme)
250ms(1RTT+processingme)
without push with push

26. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Push from edge
 CDNs’ use-case
⁃ utilize the conn. while waiting for app. response
26Recend Advances in HTTP2, controlling them using ruby
req.
push-asset
HTML
push-asset
push-asset
push-asset
client edge server (CDN) app. server
req.
HTML

27. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
How to push
 H2 server may push preloaded links
⁃ e.g. Link: </style.css>; rel=preload
⁃ H2 server may push preloaded links
⁃ recognized by Apache, H2O, nghttp2
⁃ patch exists for Nginx
 use nopush attribute to opt-out
⁃ e.g. Link: </dontpush.jpg>; rel=preload; nopush
 note: use of preload as a push indicator is upon the
process of standardization at W3C
27Recend Advances in HTTP2, controlling them using ruby

28. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
How to push while processing request
28Recend Advances in HTTP2, controlling them using ruby
 send Link: rel=preload as interim response
⁃ application sends 100 then processes the request
 supported in H2O 2.1
GET / HTTP/1.1
Host: example.com
HTTP/1.1 100 Continue
Link: </style.css>; rel=preload
HTTP/1.1 200 OK
Content-Type: text/html
<!DOCTYPE HTML>
...
HTTP/2 server app. server Web app.
GET /
100 Continue
Link: …
GET /
200 OK
200 OK
processrequest

29. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
How to push while processing request
 configure your H2 server
⁃ in case of H2O:
mruby.handler: |
Proc.new do |env|
push_paths = []
if /(/|.html)$/.match(env["PATH_INFO"])
push_paths << "/style.css”
...
end
[399, push_paths.empty? ? {} : {"link" =>
push_paths.map{|p| "<#{p}>; rel=preload"}.join("n")}, []]
end
file.dir: /path/to/doc-root
29Recend Advances in HTTP2, controlling them using ruby

30. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
BTW, you can do more by using mruby
 HTTP authentication
mruby.handler: |
require "htpasswd.rb"
Htpasswd.new("/path/to/.htpasswd", "realm-name")
 DoS mitigation
mruby.handler: |
require "dos_detector.rb"
DoSDetector.new({
:strategy => DoSDetector.CountingStrategy.new({
:period => 10,
:threshold => 100,
:ban_period => 300,
}),
})
30Recend Advances in HTTP2, controlling them using ruby

31. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
... and more
 Access Control
mruby.handler: |
acl {
allow { addr == "127.0.0.1" }
deny {
user_agent.match(/curl/i) && !addr.start_with?("192.168.")
}
respond(503, {}, ["Service Unavailable"]) {
addr == malicious_ip
}
redirect("https://example.com/", 301) {
path =~ /moved/
}
use Htpasswd.new("/path/to/.htpasswd", "realm") {
path.start_with?("/admin")
}
}
31Recend Advances in HTTP2, controlling them using ruby

32. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
... and more
 fast IPv4 address matching using Trie4
mruby.handler: |
require "trie_addr.rb"
trie = TrieAddr.new.add([
"192.168.0.0/16", "172.16.0.0/12", ...]
)
acl {
allow { trie.match?(addr) }
deny
}
4: http://dsas.blog.klab.org/archives/51293338.html
32Recend Advances in HTTP2, controlling them using ruby

33. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
How to push from edge
 depends on CDN
⁃ some CDNs may use RUM-based approach
⁃ others may provide DSL
• GCP provides http2-push-manifest (JSON-based)
⁃ though cannot be used for pushing from edge
⁃ anybody using (m)ruby on edge?
33Recend Advances in HTTP2, controlling them using ruby

34. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Push vs. cache
 why would you ever push cached resources?
⁃ it’s waste of bandwidth (and time)
 several ways to avoid pushing cached resources
⁃ cookie-based
• supported by H2O
⁃ cache-digest
• supported by Apache, H2O
• needs browser support or ServiceWorker script
• standardization in process at IETF
⁃ implement your own
34Recend Advances in HTTP2, controlling them using ruby

35. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Avoiding negative effect caused by push
 don’t push unless your mechanism is cache-aware
 only push resources that block rendering
⁃ reason:
• H2 endpoints have difficulty in distributing bandwidth
bet. pushed and pulled responses
• negative effect caused by HoL blocking, prioritization
and hidden resources becomes more apparent with
push
 above rules don’t apply to the tiny pushes
⁃ i.e. those used as a replacement for inlining (i.e.
<img src=“data:...”>)
35Recend Advances in HTTP2, controlling them using ruby

36. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Summary
36Recend Advances in HTTP2, controlling them using ruby

37. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Summary
 HTTP/2 has become popular
 the effectiveness varies between implementations
⁃ HoL-blocking avoidance, prioritization, cache-
aware push, ...
⁃ upcoming specs (e.g. TLS/1.3, QUIC) may cause
even more difference
⁃ careful evaluation of servers / CDNs is important
 H2O is the leader in HTTP/2 server performance
⁃ and can be configured using mruby
37Recend Advances in HTTP2, controlling them using ruby