Jalex Chang

2019.08.17

HTTP/3 and QUIC

Jalex Chang

- Backend Engineer @ Umbo Computer Vision

- Taiwan Data Engineering Association Member

- Golang Taiwan Member

Contact:

- jalex.cpc @ Gmail

- jalex.chang @ Facebook

- JalexChang @ GitHub

Agenda

  • Introduction
  • HTTP/3
  • QUIC
  • Discussion
  • Summary

References

[1] HTTP/3 explained, https://http3-explained.haxx.se/en/

[2] QUIC-GO, https://github.com/lucas-clemente/quic-go

[3] Draft-ietf-quic-http-22 (HTTP/3 draft-22), https://tools.ietf.org/html/draft-ietf-quic-http-22

[4] Draft-ietf-quic-transport-22 (QUIC draft-22), https://tools.ietf.org/html/draft-ietf-quic-transport-22

[5] RFC-8446 (TLS 1.3) , https://tools.ietf.org/html/rfc8446

Introduction

  • In this tech talk, we are going to introduce HTTP/3 and its underlying transport protocol - QUIC.
  • The topics we would cover in the talk:
    • Why do we need a new HTTP protocol?
    • Why do we need a new transport protocol?
    • What is QUIC?
    • How does QUIC work?
    • What is HTTP/3? 
    • HTTP/2 vs HTTP/3
    • Common concern/criticism of HTTP/3.

OSI Model

What is HTTP?

  • There are several HTTP versions have been published:
    • HTTP/1.1 (Jun. 1999)
    • HTTP/2 (May 2015)
    • HTTP/3 (Nov. 2018 -> Jul. 2019 -> TBD)

The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web. - Wikipedia

What is the problem?

 

It is all about head-of-line blocking (HOL blocking).

HOL Blocking in HTTP/1.1

Application layer's HOL blocking.

HOL Blocking in HTTP/2

Transport layer's HOL blocking

  • With HTTP/2, browsers do parallel transfers over a single TCP connection.

  • Through stream multiplexing

    • HTTP/2 eliminates HOL blocking at the application layer

    • But HOL blocking still exists in the transport layer.

  • If a single packet is dropped

    • The entire TCP connection is brought to a halt while the lost packet is re-transmitted.

How can we solve the problem?

  • It is caused by TCP => we need a new transport protocol.
    • Without HOL blocking in the transport layer.
    • But also provide reliable and secure data transfer.
  • Can we build a new transport protocol?
    • Do you remember the SCTP?
    • Protocol ossification is always a problem!
      • Firewalls, NATs, routers and other middle-devices are old and only allow deploying TCP or UDP.

HTTP-over-QUIC (HTTP/3) Is Born

HTTP/3

What is HTTP/3?

  • A new-generation HTTP protocol

    • Born to solve the transport HOL blocking issue.

  • It remains the same paradigms and concepts like HTTP/2.

    • Still have headers and bodies, requests and responses, verbs, cookies, and caching.
  • The most difference between HTTP/2 and HTTP/3

    • How to send bits during peer communication (TCP -> UDP).

  • The specification of HTTP/3 is still in progress. 

    • The latest version is draft-22 (Jul. 2019 ).

Comparison

HTTP/2 HTTP/3
Data Transfers TCP QUIC (UDP)
Connections ✔️  ✔️
Connection Migration ✔️
Streams Application layer Transport layer
Stream Multiplexing ✔️ ✔️
Stream Prioritization ✔️ ✔️
Flow Control ✔️ ✔️
Secure Optional ✔️ (TLS 1.3)
Transport Handshake 2/3-RTT 1-RTT
Fast Handshake ✔️ (TCP fast open) ✔️ (TLS 1.3)
Server Push ✔️ ✔️
Header Compression ✔️ (HPACK) ✔️ (QPACK)

HTTP/3 Promotion

HTTP/3 Fallback

QUIC

What is QUIC?

  • QUIC is a name, not an acronym.  It means "quick".
  • A new reliable and secure transport protocol implemented on top of UDP.
  • Designed to serve general application protocols.
    • HTTP is its initial target.

History

  • The initial QUIC protocol "Quick UDP Internet Connections" was designed by Google in 2012.
  • Google sent the first draft of QUIC to IETF  for standardization in Jun 2015.
  • A QUIC working group got approved and started in late 2016.
  • in 2017, Google has mentioned that around 7% of Internet traffic in Google was already using Google-QUIC.
  • The specification of QUIC is still in progress. The latest version is draft-22 (Jul. 2019 ).

Protocol Features

  • Transfer protocol over UDP
    • Avoid protocol ossification.
    • Middle-devices can only see encrypted UDP packets.
  • Reliable data transfers
    • Re-transmissions of packets, congestion controls, pacing and other features presented in TCP.
  • Streams and connections
    • It is similar to HTTP/2 but implemented in the transport layer.
  • In-order delivery
    • It guarantees in-order delivery within a stream, but not between streams.
  • Secure and transport handshakes
    • It is powered by TLS 1.3 and provides two handshakes (0-RTT and 1-RTT).

Connections

  • A QUIC connection is a single conversation between two endpoints.
  • To reduce connection establishment latency
    • Combine version negotiation, cryptographic and transport handshakes together.

Connection ID​

  • A connection ID can be used to identify a connection.
  • ​Each connection has multiple connection IDs.
  • ​There are two types of Connection ID: source and destination.
  • Connection IDs are independent of IP and ports.
    • Connections can be migrated between IP and network interfaces.

Connection ID Negotiation

Streams

  • An ordered byte-stream abstraction.
    • A stream can carry multiple messages (request/response).
    • There are unidirectional and bidirectional streams.
  • Streams are parallel and out-of-order delivery.

Stream ID

  • An unsigned 62-bit integer.
  • Is increasing and unique numeric within a connection.

Stream prioritization

  • QUIC cannot do prioritization by itself.
  • Rely on receiving priority info from the application layer.

Cryptographic and Transport Handshake

  • There is no clear-text version in QUIC.
    • Only allows TLS 1.3 or greater versions.
  • Combine all stuff together in one round trip time.​

TLS 1.3

  • Support full TLS handshake and fast TLS handshake.
  • The fast TLS handshake (0-RTT handshake)
    • Allows clients to include early data during handshake under constraints.

0-RTT Handshake in TLS 1.3

Requirements

  • The client has a previous connection to the server.

  • The secret of the connection has been cached in both of them.

  • The server has enabled the 0-RTT handshake (accept early data).

API

  • Unfortunately, there is no standard API for QUIC.

  • QUIC is typically implemented in user-space.

    • No OS kernels support QUIC right now.

  • QUIC cannot easily extend the socket API to how existing TCP and UDP functionality do.

Concern and Criticism

  • UDP will never work.
  • UDP is slow in kernels.
  • QUIC takes too much CPU.
  • We are not Google.
  • Look HTTP/2, will HTTP/3 be popular?
  • Too small of an improvement.

We will see, time will prove it.

QUIC-GO

  • Partially support IETF version in draft-22.
  • Features are working in progress - contributors are needed!

Discussion Issues in net/http

A list of implementations

 

Implementations and Issues in Golang

HTTP Servers Based on QUIC-GO

Takeaways

In this tech sharing, we have introduced HTTP/3 and QUIC.

  • Goals of HTTP/3 are reducing latency and solving HOL blocking in the transport layer.

  • ​QUIC  provides data transfers with reliable, secure, but lower-latency.
  • Even though QUIC looks powerful, it still has rooms to improve in the aspect of security and resource consumption.

 

​HTTP/3 and QUIC are more likely designed for the next decade.

  • What we can do are learning, thinking, and contributing!​ 

Thanks for listening.

We are hiring now!

Our booth is at 109 1F,

come to chat with us!
 

HTTP/3 Leaks

By Jalex Chang

HTTP/3 Leaks

Introduce http/3 and QUIC.

  • 1,225