What's New in HTTP/2

What’s new in HTTP/2?28 Oct 2015

MORE INFORMATION AT NGINX.COM

Your Questions

1. Who are we?● Floyd Smith, Technical Marketing Writer. Author of NGINX White Paper, “HTTP/2

for Web Application Developers”. ● Faisal Memon, Product Marketer ● Here in spirit: Valentin Bartenev, SPDY and HTTP/2 lead developer at NGINX,

presenter at industry conferences. Author of blog post, “7 Tips for Faster HTTP/2 Performance”.

2. How will HTTP/2 affect my site?

3. Who will be implementing it?

4. Should I implement HTTP/2, and when?


Agenda

● Why HTTP/2 is important

● What’s new in HTTP/2

● How NGINX supports HTTP/2

● Conclusion


Why HTTP/2 is Important

1. Encourage security for users• Credit card information theft• Login information theft• “Soft data” such as sites visited and search terms used

2. Protect publishers and advertisers• Make sure site content gets to users• Protect ads from being hijacked and replaced - key concern for Google, all• Assurance for users

3. Side benefits• Reduce Internet congestion by reducing connections• Make app development and maintenance easier


Who Should Consider HTTP/2

1. Current SPDY Sites• Matter of timing• SPDY deprecated for Q1 2016

2. Greenfield SSL/TLS Sites• Should be better performance• Simplifies code and delivery architecture

3. Performance-Critical SSL/TLS Sites• Test performance before deployment• Use time saved by simpler coding for other improvements

4. Sites that want tech bragging rights• Client software (browsers), server software (ie NGINX!), and tools (WireShark)• Sites that like to lead on technology and that are actually faster on HTTP/2• Developers or business side can lead


Who Uses HTTP/2 / SPDY Already

1. Get the Indicator for Google Chrome• Search for “Chrome plugin HTTP/2”• Or go to https://chrome.google.com/webstore/detail/http2-and-spdy-indicator/• Grey - HTTP/1.x, Green - SPDY, Blue - HTTP/2, Red - QUIC

2. A few current users (most of Top 10 websites - not eBay, Microsoft)• SPDY: Facebook, YouTube, Baidu, Yahoo!, Amazon, Wikipedia, Dropbox• HTTP/2: Google search, Cloudflare, WordPress• QUIC (Google experimental protocol): Gmail, Google Calendar etc.

https://chrome.google.com/webstore/detail/http2-and-spdy-indicator/


SPDY - Predecessor to HTTP/2

1. Introduced by Google five years ago● One connection, multiplexing, SSL/TLS, compressed headers, prioritization -

like HTTP/2● Proprietary, non-standard ● Protects “soft data” such as sites visited and search terms used

2. Protect publishers and advertisers● Make sure site content gets to users● Protect ads from being hijacked and replaced - key concern for Google, all

3. Side benefits● Reduce Internet congestion by reducing connections● Make app development and maintenance easier● Minus: Binary protocols harder to debug

4. NGINX the SPDY leader● Early, robust, widely recognized support in NGINX● Only about 5% of sites used SPDY - Google, Facebook, WordPress - but

awareness and interest among developers were high


Agenda




● Conclusion


HTTP Refresher

• Hyper Text Transfer Protocol

• Defines how web content is downloaded over the internet

• Language is actions (GET, POST, etc)

• Last update was in June 1999 (HTTP/1.1)

GeoCities was the third most popular website in 1999


HTTP/1

HTTP/2


HTTP/1.1 Overview

• One request at a time per TCP connection

Why?• Easier implementation• Thread/Process per connection

What about HTTP Pipelining? • Defined but not used in practice• Still requires In-order completion

GET /

GET /a.css

GET /b.jpg

200 OK

200 OK

200 OK


HTTP/1.1: Multiple Connections

Browsers typically makes 6 connections per domain


HTTP/1.1: Performance Improvements

• Domain Sharding – Use multiple sub-domains to get more connections

• sub-1.example.com, sub-2.example.com, sub-3.example.com, etc.• Complicates architecture

• Concatenating – Combine resources (CSS, JS, images) into a single larger image

• Poor cache utilization – Change in one element means entire combined resource must be fetched

• Delays – Must download entire resource before any concatenated resource can be used

• Inlining – Embed resources directly within the HTML• Duplication – Must be inlined everywhere it is being used


HTTP/2: True Multiplexing

• Multiples requests over a time per TCP connection

• Out of order completion

• Actions (GET,POST, etc) are unchanged

• Based on Google’s SPDY protocol


HTTP/2: True Multiplexing

Requests and Responses are interleaved on the same TCP connection

- From High Performance Browser Networking by Ilya Grigorik


HTTP/2: Binary Header


HTTP/2: Request Prioritization

Web content can be assigned weights and dependencies


HTTP/2: More features

• Server Push – Server pushes resources to client before it requests it

• Header Compression – HPACK header compression reduces size of HTTP/2 header

• Mandatory SSL – Not mandated by RFC but Chrome and Firefox won’t support without it

• More secure websites• Higher search rankings for encrypted sites


HTTP/2: Backwards Compatibility

• ALPN (OpenSSL 1.0.2)

• NPN (OpenSSL 1.0.1)

• Browser sends list of supported protocols

• If h2 in list, HTTP/2 will be used


Agenda




● Conclusion


How NGINX Supports HTTP/2

NGINX translates HTTP/2 to the language your application speaks


How NGINX Supports HTTP/2

• Supported in both NGINX Plus R7 and NGINX 1.9.5

• Pre-built binaries are built with OpenSSL 1.0.1• ALPN is supported but requires OpenSSL 1.0.2• Compile from source to use ALPN

• SPDY and HTTP/2 not supported at the same time

• No Server Push yet...


NGINX HTTP/2 Configuration

server { listen 80; return 301 https://$host$request_uri;}

server { listen 443 ssl http2 default_server;

ssl_certificate server.crt; ssl_certificate_key server.key; …}


Agenda




● Conclusion


What Developers Have to Do

1. Monitor browser support for HTTP/2• 63% of current browsers support it• Adding about 2% per month• Older browsers default to HTTP/1.x

2. Decide when to move to SSL and HTTP/2• Move to SSL can be a big deal - not good for streaming media• Moving to HTTP/2 soon is a no-brainer for SSL sites• SPDY is an interim solution to early 2016

3. Implement changes• Turn on HTTP/2 in NGINX• Remove or modify HTTP/1.x optimizations: Domain sharding, image sprites,

code concatenation, inlining files

http://tools.ietf.org/html/rfc7540%23section-9.1.1


Think Through HTTP/2 Implementation

1. Are you already a leader?• SPDY user• Performance-led website• Wanting tech cred

2. Greenfield SSL/TLS Sites• Should be better performance• Simplifies code and delivery architecture

3. Performance-Critical SSL/TLS Sites• Test performance before deployment• Use time saved by simpler coding for other improvements

4. Sites that are tech leaders• Client software (browsers), server software (ie NGINX!), and tools (WireShark)• Sites that like to lead on technology and that are indeed faster on HTTP/2• Developers or business side can get the ball rolling


What You Can Do

1. Read the Materials• Upcoming blog post, 7 Tips for Higher HTTP/2 Performance, nginx.com//7-tips-

http2• Links to white paper, HTTP/2 for Web Application Developers, nginx.com/http2-

ebook• Links to Valentin Bartenev presentation, https://www.nginx.com/http2-

presentation• Ilya Grigorich special edition ebook, High Performance Networking,

nginx.com/http2-ebook

2. Ask customers their SSL and HTTP/2 expectations

3. Position your site as a leader on SPDY and HTTP/2, or…. Wait and see on SPDY and HTTP/2

http://nginx.com/http2-wp


https://www.nginx.com/http2-presentation

https://www.nginx.com/http2-presentation


http://nginx.com/http2-ebook

What's New in HTTP/2

Technology