HTTP/2
Intro & Practice
Old Problems
- FIFO can't use duplex connection
- browsers use a lot of connections in concurrency
- big header problem
- setup a connection is expensive and we don't reuse it
- server push is hard to implement
Key features
- Binary Framing
- Multiplexing
- Header Compression
- Server Push
- Others ref to RFC 7540: https://tools.ietf.org/html/rfc7540
Verify plan
- Setup a simple website in HTTP/1.1
- Setup two websites with different HTTP/2 features
- Use docker-compose to map different ports
- Use wireshark to verify binary framing
- Setup self-signed certificate to use TLS in default
Practice location: https://github.com/yc-zhang/http2-practice
Binary Framing & Multiplexing
- Goal: one domain, one connection
- Implementation: Binary Framing & Streams
- Binary Framing: instead of RAW ASCII, seal data into different frames
- HEADERS\DATA\PRIORITY\SETTINGS...
- Streams: the carrier of frame in logical, HTTP2 use it to deal with multiplexing
- 1 connection - N streams
- could be used for single or shared
- independent, bidirectional sequence of frame exchange
- stream groups share context & flow-control
- One connection: TCP-SLOW START problem & bandwidth
Header compression
- Save bits: find a algorithm and apply it
- HPACK - rfc7541
- GZIP security risk:
- CRIME could attack with stream compression
- https://en.wikipedia.org/wiki/CRIME
Server push
- Server to provide content to clients without waiting for a request
- Save time & Improve user experience
- It's not designed to replace web-socket
- Suitable time and consider the cache
- Not EASY to deal, follow the best practice before you go
Others
- Security consideration
- HTTP/2 is a new protocol which supports HTTP/1.1 syntax
- Hard to implement below the application layer
- What about keep-alive
- What about load balance (HTTP LB or TCP LB)
- What about customized forwarder or PROXY?
- Could server push replace web-socket or the other RPC?
- Impact to WebServices
- ...