SPDY, HTTP/2, QUIC protocol


1 SPDY protocol

1.1 overview

SPDY is an abbreviation of "speedy" (meaning fast) and is pronounced "speedy".

Four draft versions of the SPDY protocol have been published: 1, 2, 3 and 3.1. Version 4 is currently experimental and has not been released, although Chromium already contains some version 4 code.

The advantages of SPDY compared with HTTP:

  1. Multiplexed connection: multiple resources can be sent over one TCP connection. This copes with TCP's slow-start characteristic.
  2. Request priority: important resources are transmitted first.
  3. The HTTP header data is compressed, which saves traffic.
  4. The server can proactively push resources to the client (Server Push).

Shortcomings:

  1. A single connection is subject to TCP's head-of-line blocking, which limits transmission speed. Combined with possible packet loss, the negative effect can outweigh the benefits of header compression and priority control.

As a result of these shortcomings, SPDY's benefit is not obvious on small websites (those with few resource files), and it may even be slower than multiple concurrent connections. (This gave rise to QUIC.)

1.2 protocol layers

For security reasons, SPDY is built on top of TLS, and the URL scheme is https. The inventors acknowledge that the TLS handshake costs a certain amount of time and traffic, but they regard network security as an inevitable trend and therefore accept the cost. The protocol layers are as follows:

   SPDY  ←  HTTP  
    ↓
   TLS   ←  NPN  
    ↓
   TCP

Compared with common HTTPS protocol layer:

    HTTP  
     ↓
  SSL/TLS   
     ↓
    TCP

Although SPDY, rather than HTTP, is the protocol that runs over TLS, the content of SPDY includes the content of the HTTP protocol. In design-pattern terms, it can be understood as applying the decorator pattern to extend HTTP.

Besides carrying a protocol other than standard HTTP over TLS, SPDY also uses a TLS extension, NPN (Next Protocol Negotiation).

1.3 NPN

Put simply, NPN adds some fields to the TLS handshake so that the server and the client can indicate which TLS-based protocol they want to use, HTTP or SPDY. NPN was also proposed by Google, paving the way for SPDY.

On the client side, the implementation is: before the handshake, tell OpenSSL (or a wrapper around it) which protocols are acceptable; after the handshake, read which protocol was selected; then communicate according to the selected protocol.

1.4 data format

This section is not a complete introduction to SPDY. It covers only the key points, assumes the reader is familiar with the HTTP protocol, and does not explain SPDY concepts that resemble those of HTTP.

In SPDY, the content transmitted in one direction (server to client or client to server) is called a frame, and assembling frames according to the protocol is called framing. A frame consists of a header and a payload, similar to HTTP's header and entity, but with the following differences:

  1. The SPDY header is 8 bytes, with different bit fields representing different information; the HTTP headers are placed in the SPDY payload.
  2. The HTTP entity (apart from POST information) is file data; the SPDY payload can carry other information besides file data.

Depending on the payload content, frames are divided into control frames and data frames.

The control frame format:

+----------------------------------+
|C| Version(15bits) | Type(16bits) |
+----------------------------------+
| Flags (8)  |  Length (24 bits)   |
+----------------------------------+
|               Data               |
+----------------------------------+

The data frame format:

+----------------------------------+
|C|       Stream-ID (31bits)       |
+----------------------------------+
| Flags (8)  |  Length (24 bits)   |
+----------------------------------+
|               Data               |
+----------------------------------+

The meaning of each field:

One HTTP request/response round trip is called a stream in SPDY. Because the TCP connection is multiplexed, a SPDY connection carries multiple streams. To distinguish the streams, Stream-ID is used as a serial number (note: because of reloads, a URL cannot be used to identify a stream). Stream-ID also appears in the payload of 4 kinds of control frames (SYN_STREAM, SYN_REPLY, RST_STREAM, HEADERS).

8 types of control frames:

  1. SYN_STREAM: Creates a stream, carrying a request in the payload.
  2. SYN_REPLY: Replies to the creation of a stream, carrying the HTTP headers in the payload. Note: SPDY splits the HTTP response apart. The response headers are placed in the payload of the SYN_REPLY control frame, and the response entity, after compression, is placed in data frames.
  3. RST_STREAM: Reports a stream error, carrying the error type in the payload.
  4. SETTINGS: Queries or sets control information. There are 8 kinds of information: upload bandwidth, download bandwidth, round-trip time, maximum number of concurrent streams, TCP CWND, download retransmission rate, initial window value, number of certificates.
  5. PING: A mechanism to measure the round-trip time.
  6. GOAWAY: Notification to disconnect the TCP connection.
  7. HEADERS: Adds response headers beyond those in SYN_REPLY, or transmits private information; a specific application can use it for custom extensions.
  8. WINDOW_UPDATE: Sets the window size.
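The two header layouts above can be decoded with a few bit operations. The following parser is an added example, not code from the original article or from Chromium; the type numbers come from the SPDY/3 draft, and `parse_frames`, `max_payload` and the sample bytes are this example's own constructions.

```python
import struct

# Type numbers from the SPDY/3 draft; the page lists the names only.
CONTROL_TYPES = {1: "SYN_STREAM", 2: "SYN_REPLY", 3: "RST_STREAM", 4: "SETTINGS",
                 6: "PING", 7: "GOAWAY", 8: "HEADERS", 9: "WINDOW_UPDATE"}
# The four control frames whose payload starts with a 31-bit Stream-ID.
STREAM_BOUND = {"SYN_STREAM", "SYN_REPLY", "RST_STREAM", "HEADERS"}
HEADER_LEN = 8

def parse_frames(buf, max_payload=1 << 20):
    """Split decrypted SPDY bytes into frames; return (frames, leftover).

    leftover is a trailing partial frame to keep until more bytes arrive.
    Raises ValueError when a declared Length exceeds max_payload, so a peer
    cannot make the receiver buffer up to 16 MiB per frame.
    """
    frames, off = [], 0
    while len(buf) - off >= HEADER_LEN:
        word0, word1 = struct.unpack_from(">II", buf, off)
        flags, length = word1 >> 24, word1 & 0xFFFFFF
        if length > max_payload:
            raise ValueError(f"frame at offset {off} declares {length} bytes")
        if len(buf) - off - HEADER_LEN < length:
            break  # payload not fully received yet
        payload = buf[off + HEADER_LEN:off + HEADER_LEN + length]
        if word0 >> 31:  # C bit set: control frame
            ftype = word0 & 0xFFFF
            frame = {"kind": "control", "version": (word0 >> 16) & 0x7FFF,
                     "type": CONTROL_TYPES.get(ftype, f"UNKNOWN_{ftype}"),
                     "flags": flags, "length": length}
            if frame["type"] in STREAM_BOUND and length >= 4:
                frame["stream_id"] = struct.unpack_from(">I", payload)[0] & 0x7FFFFFFF
        else:            # C bit clear: data frame
            frame = {"kind": "data", "stream_id": word0 & 0x7FFFFFFF,
                     "flags": flags, "length": length, "payload": payload}
        frames.append(frame)
        off += HEADER_LEN + length
    return frames, buf[off:]

# Constructed sample: SYN_STREAM (version 3, stream 1), a data frame on
# stream 1, then a data frame header whose 4-byte payload is cut short.
SAMPLE = (struct.pack(">HHI", 0x8000 | 3, 1, (0x01 << 24) | 10)
          + struct.pack(">IIH", 1, 0, 0)
          + struct.pack(">II", 1, (0x01 << 24) | 5) + b"hello"
          + struct.pack(">II", 3, 4) + b"ab")

if __name__ == "__main__":
    frames, rest = parse_frames(SAMPLE)
    for f in frames:
        print(f)
    print("buffered bytes:", len(rest))
```
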

Frame format reference (compiled from the control protocol document to explain the specific meanings; can be skipped):


1.5 process

The following chart shows the general process:


Server Push process on the server side: after replying to the client's SYN_STREAM, the server initiates a SYN_STREAM of its own, using the Associated_To_Stream_ID field in the payload to indicate which stream the push is associated with.

2 HTTP/2

2.1 overview

The eleventh draft of HTTP/2 was updated on March 17, 2014: http://http2.github.io/http2-spec/.

HTTP/2 is being developed by a standards organization and is based on SPDY. The differences are:

  1. It adds the HTTP/1.1 Upgrade mechanism, so HTTP/2 can be used directly over TCP, unlike SPDY, which must run over TLS.
  2. HTTPS connections use ALPN (Application Layer Protocol Negotiation), the standardized version of NPN.
  3. The protocol negotiation and confirmation process is more complete.
  4. Better Server Push process.
  5. There are more types of control frames, and the frame formats are more carefully considered.
  6. A new algorithm, HPACK, dedicated to compressing the SPDY header block.

The HTTP/2 document includes some examples and details, which the SPDY document lacks.

The latest Chromium code and Google's sites already support HTTP2-10 (the tenth draft of HTTP/2).

2.2 ALPN

The fifth draft of ALPN was published on March 3, 2014. It is based on NPN with an optimized process, but the principle has not changed: it adds a means of protocol negotiation to the TLS handshake. The standard process:

   Client                                              Server

   ClientHello                     -------->       ServerHello
     (ALPN extension &                               (ALPN extension &
      list of protocols)                              selected protocol)
                                                   Certificate*
                                                   ServerKeyExchange*
                                                   CertificateRequest*
                                   <--------       ServerHelloDone
   Certificate*
   ClientKeyExchange*
   CertificateVerify*
   [ChangeCipherSpec]
   Finished                        -------->
                                                   [ChangeCipherSpec]
                                   <--------       Finished
   Application Data                <------->       Application Data

The currently released Chromium for PC already uses ALPN and no longer uses NPN.

2.3 application over TCP

HTTP/2 can be used with either the http or the https URL scheme.

With the http scheme, the client first sends an HTTP/1.1 request to the server, adding the Upgrade and HTTP2-Settings headers. The format is:

GET /default.htm HTTP/1.1
Host: server.example.com
Connection: Upgrade, HTTP2-Settings
Upgrade: h2c
HTTP2-Settings: <base64url encoding of HTTP/2 SETTINGS payload>

If the server supports HTTP/2, it responds with status code 101, in the following form:

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: h2c

[ HTTP/2 connection ...

The two sides then communicate using HTTP/2 as the transport protocol. Otherwise the server replies with an HTTP/1.1 response, namely HTTP/1.1 200 OK.

3 QUIC

QUIC is the abbreviation of Quick UDP Internet Connections and is pronounced "quick". It is developed by Google. The outline design document is on Google Docs at https://docs.google.com/document/d/1RNHkx_VvKWyWg6Lr8SZ-saqsQx7rFV-ev2jRFUoVD34/edit and is still being updated. The detailed design document for the transmission format is at https://docs.google.com/document/d/1WJvyZflAO2pq77yOLbp9NsGjC1CHetAXV8I0fQe-B_U/edit.

The outline design document starts from the characteristics of TCP/UDP, network security and other considerations, and discusses many design ideas. It opens with 4 disadvantages of SPDY:

  1. The loss of a single packet blocks the whole stream.
  2. TCP's congestion avoidance mechanism works poorly, leading to reduced bandwidth and serialization latency overhead.
  3. Waiting-time overhead of TLS session reconnection. The handshake requires additional round trips.
  4. TLS decryption overhead. The first packet cannot be decrypted until the packets behind it arrive.

QUIC can be seen as an exploration, carried out over UDP, of solutions to the bottlenecks that SPDY meets on TCP. Taking SPDY as a reference, the content QUIC transfers can be viewed as two layers: the upper layer is similar to SPDY, and the lower layer, implemented over UDP, imitates TCP's connection-oriented characteristics and reliability and adds an encryption process similar to TLS.

The QUIC document is still unfinished and the Chromium implementation is still being refined; it is a semi-finished product under test, with no performance data. This is only a shallow study.

Reprint please indicate the source:

4 research and survey

4.1 SPDY server architecture

4.1.1 Apache

For the specific setup method, please refer to "Linux Mint + Apache2.2 to build SSL/HTTPS/SPDY server".

The environment is Linux + Apache2.2 + mod_spdy. mod_spdy is an Apache plug-in developed by Chromium; it only supports Apache2.2 and is installed directly from a plug-in package. The SPDY protocol version is 3.

4.1.2 Nginx

For the specific setup method, please refer to "Linux Mint + Nginx 1.5.11 to build SSL/HTTPS/SPDY server".

The environment is Linux + Nginx1.5.11. SPDY has to be enabled when compiling from source; the packaged build does not support it. The SPDY protocol version is 3.1, and Server Push is not supported.

4.1.3 share

According to news reports, among the Web servers used by the global top 1000 high-traffic sites, Nginx accounts for 34.9% and Apache for 34.5%. The two rank first and second; Microsoft-IIS, in third place, does not support SPDY.

4.2 Wireshark packet capture

Chromium produced a source patch for Wireshark1.7.1 called spdyshark. To make Wireshark support the SPDY protocol, download the Wireshark source and the spdyshark source and compile them. For the specific build and installation method, please refer to "Linux Mint compiler which support SPDY protocol Wireshark".

Because SPDY runs over TLS, capturing packets with Wireshark requires decrypting the SSL first and then analyzing the SPDY protocol. For the specific capture method, please refer to "SSLv3" and "Wireshark+Apache2.4 decryption using SPDY protocol Wireshark packet interception (including the spdyshark plug-in)".

4.3 application on the server side

4.3.1 survey method

To check whether a Web server supports SPDY, you can use a third-party website: enter the site's address and the result is shown on the page. For example:


However, a site does not necessarily use the HTTPS scheme throughout, so you need to manually find its account login page to run the test.

You can also capture packets with Wireshark and look at the extensions in the TLS Server Hello message: ALPN is displayed as Unknown 16, while NPN is identified as Extension: next_protocol_negotiation.
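The same check can be scripted against captured handshake bytes, which also shows how the NPN extension of section 1.3 and the ALPN extension of section 2.2 differ on the wire. This is an added example, not part of the original article: it assumes a TLS 1.2 ServerHello handshake message with the record header already stripped, and the function names and sample messages are constructed for the example.

```python
import struct

EXT_ALPN = 16      # the type older dissectors print as "Unknown 16"
EXT_NPN = 0x3374   # 13172, next_protocol_negotiation

def _names(data):
    """Decode consecutive protocol names, each prefixed by a 1-byte length."""
    out, i = [], 0
    while i < len(data):
        n = data[i]
        if n == 0 or i + 1 + n > len(data):
            raise ValueError("malformed protocol name list")
        out.append(data[i + 1:i + 1 + n].decode("ascii", "replace"))
        i += 1 + n
    return out

def negotiated_protocols(msg):
    """Return {'alpn': [...], 'npn': [...]} for a TLS 1.2 ServerHello message."""
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if msg[:1] != b"\x02" or len(body) != body_len or body_len < 38:
        raise ValueError("not a complete ServerHello")
    pos = 34 + 1 + body[34] + 3    # version, random, session_id, suite, compression
    found = {"alpn": [], "npn": []}
    if pos + 2 > len(body):
        return found               # no extensions block present
    ext_end = pos + 2 + struct.unpack_from(">H", body, pos)[0]
    pos += 2
    if ext_end > len(body):
        raise ValueError("extensions overrun the message")
    while pos + 4 <= ext_end:
        etype, elen = struct.unpack_from(">HH", body, pos)
        if pos + 4 + elen > ext_end:
            raise ValueError("extension overruns the block")
        data = body[pos + 4:pos + 4 + elen]
        if etype == EXT_ALPN:      # 2-byte list length, then the names
            found["alpn"] = _names(data[2:2 + int.from_bytes(data[:2], "big")])
        elif etype == EXT_NPN:     # names only, no outer length
            found["npn"] = _names(data)
        pos += 4 + elen
    return found

def build_sample(exts):
    """Constructed ServerHello (zero random, empty session_id) for the demo."""
    ext = b"".join(struct.pack(">HH", t, len(d)) + d for t, d in exts)
    body = (b"\x03\x03" + bytes(32) + b"\x00\xc0\x2f\x00"
            + struct.pack(">H", len(ext)) + ext)
    return b"\x02" + len(body).to_bytes(3, "big") + body

SAMPLE_ALPN = build_sample([(0xFF01, b"\x00"), (EXT_ALPN, b"\x00\x09\x08spdy/3.1")])
SAMPLE_NPN = build_sample([(EXT_NPN, b"\x08spdy/3.1\x06spdy/3\x08http/1.1")])
```

With ALPN the server returns the single protocol it selected, while with NPN it advertises its whole list and the client's choice is sent later, encrypted, so only the ALPN case reveals the negotiated protocol to a passive capture.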

Google's sites currently use 3.1:


Facebook uses 2 and 3:


4.3.2 results

Looking at common sites at home and abroad, only four were found: Google, Facebook, wordpress.com and www.cloudflare.com. No other website supports it. (Note: this result is very superficial and should not be taken as an authoritative conclusion.)

4.4 application on the browser side

4.4.1 test method

Visit with the target browser, and the page will display whether it supports SPDY.

4.4.2 data

According to third-party data, the browsers that support SPDY are:

  1. Internet Explorer 11
  2. Firefox 13+
  3. Chrome 4+
  4. Opera 12.1+
  5. Android browser 3.0+ (this should be wrong; in testing, only 4.1+ supports it)
  6. Opera Mobile 12.1+
  7. Chrome for Android 33+
  8. Firefox for Android 26+

Browsers that support SPDY account for 65.26%. For details please see.

A search of CNZZ's statistics on browser share in China does not directly show the proportion that supports SPDY; my personal estimate is less than 50% for desktop and less than 30% for mobile.

5 browser scheme

For a browser, implementing SPDY means working in the network layer of the loading framework. With SPDY implemented, the network layer can be refined into thin layers, each with its own responsibilities:


Whether it is HTTP or SPDY, a loading process has to fulfil the responsibilities of every thin layer. In the code, where HTTP and SPDY have different responsibilities, a base class needs to be designed, with HTTP and SPDY each inheriting from it to implement their different processes.

Responsibilities specific to a SPDY implementation:

  1. Callback mechanism. SPDY's HTTP headers are compressed; to interface with the ordinary HTTP process, either decompress first or decompress through a callback.
  2. Transport protocol process control, especially the Server Push feature.
  3. Error handling.
  4. Full duplex. A SPDY socket is used full duplex, sending and receiving at the same time, unlike ordinary HTTP, which sends first and then receives.
  5. Framing binding. This layer of most of them and HTTP.
  6. SSL/TLS handshake process, because SPDY uses NPN.
  7. SpdyConnection. Connections are generally distinguished by URL scheme, host and port. SPDY and HTTPS are identical on all of these, so connection reuse needs to add the protocol as a distinguishing point.

Besides Chromium itself, the SPDY documentation also lists several other implementations. The other C/C++ implementations have one thing in common: because they work at a low level, they rely on a lot of external library code. They have had updates within the last three months, most do not support all the features of SPDY, and they are still fixing bugs. So the maturity of their code does not reach browser-level standards.

6 whether sites should support SPDY

It is not necessary to support SPDY, HTTP/2 and QUIC.

Reasons:

  1. SPDY is a company standard, not an industry standard; it has defects and still needs to be refined.
  2. Once SPDY has been accepted and refined into an industry standard and international standard, it will not be too late to support it. HTTP/2 is based on SPDY and is better than SPDY; SPDY will leave the stage of history sooner or later, and the industry will then broadly support HTTP/2.
  3. Server-side support for SPDY is itself incomplete: not all features are implemented, and there are bugs, so using it on a website carries certain risks. Apache2.2 + mod_spdy only supports SPDY3; Nginx1.5.1 only supports SPDY3.1 and does not implement Server Push. It will not be too late to adopt it once the server software is more mature. Paid server software has not supported SPDY from the start; when it begins to, that can be taken as a sign that the industry will start doing a lot of supporting work for the new standard.
  4. Server-side adoption is not widespread; very few websites have deployed it.
  5. Browsers that support SPDY have less than 50% share in China, so there is no urgent need for websites to support SPDY. Safari does not support SPDY, which means it has not been endorsed by Apple.

Posted by Baldwin at June 27, 2014 - 9:15 PM