Join the community today
Register Now

WebPerf Google dropping SPDY in favor of HTTP 2

Discussion in 'All Internet & Web Performance News' started by jeffwidman, Feb 10, 2015.

  1. jeffwidman

    jeffwidman Active Member

    152
    27
    28
    Dec 3, 2014
    Ratings:
    +51
    Local Time:
    7:10 AM
  2. Peter Downey

    Peter Downey Member

    64
    24
    8
    May 28, 2014
    Ratings:
    +27
    Local Time:
    10:10 AM
    Just read this myself. Whatever they call it, however it works, as long as it's faster and easy to implement I'll be happy.
     
  3. eva2000

    eva2000 Administrator Staff Member

    54,106
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    1:10 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    woah and all the work I did with SPDY setup guide hehe. At least SPDY is here until 2016 :)

    But good news is I have been playing with h2o web server integration for Centmin Mod which natively supports HTTP/2 :)

    h2o's features
     
  4. eva2000

    eva2000 Administrator Staff Member

    54,106
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    1:10 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Quick google on http/2 leads to a nice reads below

     
    Last edited: Feb 10, 2015
  5. Matt Williams

    Matt Williams WordPress Fanatic

    537
    104
    43
    Nov 22, 2014
    Virginia, USA
    Ratings:
    +157
    Local Time:
    10:10 AM
    latest
    10
    And just to think LiteSpeed v5.0 is implementing SPDY into their system! Now they'll have to switch to!
     
  6. rdan

    rdan Well-Known Member

    5,443
    1,402
    113
    May 25, 2014
    Ratings:
    +2,194
    Local Time:
    11:10 PM
    Mainline
    10.2
    OpenLiteSpeed 1.3.7 and 1.4.4 support HTTP/2 | OpenLiteSpeed Community and News
     
  7. eva2000

    eva2000 Administrator Staff Member

    54,106
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    1:10 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    nice
    I believe it might be same for Nginx enabling SPDY enables HTTP2 ?

    just remember browsers are forcing TLS/SSL fro HTTP/2 so like SPDY will need SSL even if the HTTP/2 specification allows for non-TLS / non-SSL usage
     
  8. eva2000

    eva2000 Administrator Staff Member

    54,106
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    1:10 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Ilya Grigorik comments of SPDY and HTTP/2 at Re: Google dumps SPDY in favour of HTTP/2, any plans for nginx?

     
  9. s.molinari

    s.molinari New Member

    10
    4
    3
    Aug 31, 2014
    Ratings:
    +4
    Local Time:
    4:10 PM
    I certainly would expect Nginx to support HTTP/2. I can't imagine they won't. The H2O web server looks interesting too.

    Scott
     
  10. eva2000

    eva2000 Administrator Staff Member

    54,106
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    1:10 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    more info How NGINX Plans to Support HTTP/2 - NGINX

     
  11. eva2000

    eva2000 Administrator Staff Member

    54,106
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    1:10 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    HTTP/2 looks to be detected in Chrome :D

    h2o_111_http2_enabled_chrome_00.png

    protocol = H2-14 = HTTP/2 draft 14

    h2o_111_http2_enabled_opera28_00.png
     
    Last edited: Mar 16, 2015
  12. eva2000

    eva2000 Administrator Staff Member

    54,106
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    1:10 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    While I was testing h2o HTTP/2 server, thought I'd do quick test of OpenLiteSpeed server too as it has HTTP/2 support too :)

    OpenLiteSpeed 1.3.8

    Code:
    curl -I https://OPENLITESPEEDHOST.centminmod.com:8082/
    HTTP/1.1 200 OK
    etag: "ed9-5508fbfa-6633c"
    last-modified: Wed, 18 Mar 2015 04:15:54 GMT
    content-type: text/html
    content-length: 3801
    accept-ranges: bytes
    date: Wed, 18 Mar 2015 04:20:13 GMT
    server: LiteSpeed
    connection: close
    cipherscan check
    Code:
    ./cipherscan OPENLITESPEEDHOST.centminmod.com:8082
    .........
    Target: OPENLITESPEEDHOST.centminmod.com:8082
    
    prio  ciphersuite                  protocols                    pfs_keysize
    1     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                      ECDH,P-256,256bits
    2     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                      ECDH,P-256,256bits
    3     ECDHE-RSA-AES256-SHA384      TLSv1.2                      ECDH,P-256,256bits
    4     ECDHE-RSA-AES128-SHA256      TLSv1.2                      ECDH,P-256,256bits
    5     ECDHE-RSA-RC4-SHA            SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
    6     ECDHE-RSA-AES256-SHA         SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
    7     ECDHE-RSA-AES128-SHA         SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
    8     RC4-SHA                      SSLv3,TLSv1,TLSv1.1,TLSv1.2
    
    Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature
    TLS ticket lifetime hint: 100800
    OCSP stapling: not supported
    Server side cipher ordering
    
    check OpenLiteSpeed 1.3.8 SSL server's support for TLS ALPN and NPN extensions on port 8082

    ALPN check reports No ALPN negotiated - ALPN is only supported in OpenSSL 1.0.2, so wonder if OpenLiteSpeed 1.3.8 bundled OpenSSL is <1.0.2 ?
    Code:
    /opt/h2o_openssl/bin/openssl s_client -alpn h2-14 -host OPENLITESPEEDHOST.centminmod.com -port 8082
    
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    
    NPN check reports that NPN extension is supported = Next protocol: (1) h2-14
    Code:
    /opt/h2o_openssl/bin/openssl s_client -nextprotoneg h2-14 -host OPENLITESPEEDHOST.centminmod.com -port 8082
    
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    Next protocol: (1) h2-14
    No ALPN negotiated
    
    nghttp2 client check for HTTP/2 support in OpenLiteSpeed 1.3.8 on port 8082
    Code:
    /usr/local/http2-15/bin/nghttp -nv https://OPENLITESPEEDHOST.centminmod.com:8082
    [  0.000] Connected
    [  0.001][NPN] server offers:
              * h2-14
              * spdy/3.1
              * spdy/3
              * spdy/2
              * http/1.1
    The negotiated protocol: h2-14
    [  0.004] send SETTINGS frame <length=12, flags=0x00, stream_id=0>
              (niv=2)
              [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
              [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
    [  0.004] send HEADERS frame <length=45, flags=0x05, stream_id=1>
              ; END_STREAM | END_HEADERS
              (padlen=0)
              ; Open new stream
              :method: GET
              :path: /
              :scheme: https
              :authority: OPENLITESPEEDHOST.centminmod.com:8082
              accept: */*
              accept-encoding: gzip, deflate
              user-agent: nghttp2/0.7.8-DEV
    [  0.005] recv SETTINGS frame <length=12, flags=0x00, stream_id=0>
              (niv=2)
              [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
              [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65536]
    [  0.005] recv WINDOW_UPDATE frame <length=4, flags=0x00, stream_id=0>
              (window_size_increment=65535)
    [  0.005] send SETTINGS frame <length=0, flags=0x01, stream_id=0>
              ; ACK
              (niv=0)
    [  0.005] recv SETTINGS frame <length=0, flags=0x01, stream_id=0>
              ; ACK
              (niv=0)
    [  0.044] recv (stream_id=1) :status: 200
    [  0.044] recv (stream_id=1) etag: "ed9-5508fbfa-6633c"
    [  0.044] recv (stream_id=1) last-modified: Wed, 18 Mar 2015 04:15:54 GMT
    [  0.044] recv (stream_id=1) content-type: text/html
    [  0.044] recv (stream_id=1) accept-ranges: bytes
    [  0.044] recv (stream_id=1) date: Wed, 18 Mar 2015 05:22:46 GMT
    [  0.044] recv (stream_id=1) server: LiteSpeed
    [  0.044] recv (stream_id=1) content-encoding: gzip
    [  0.044] recv (stream_id=1) vary: accept-encoding
    [  0.044] recv HEADERS frame <length=109, flags=0x04, stream_id=1>
              ; END_HEADERS
              (padlen=0)
              ; First response header
    [  0.044] recv DATA frame <length=10, flags=0x00, stream_id=1>
    [  0.044] recv DATA frame <length=1568, flags=0x00, stream_id=1>
    [  0.044] recv DATA frame <length=0, flags=0x01, stream_id=1>
              ; END_STREAM
    [  0.044] send GOAWAY frame <length=8, flags=0x00, stream_id=0>
              (last_stream_id=0, error_code=NO_ERROR(0x00), opaque_data(0)=[])
    
     
    Last edited: Mar 18, 2015
  13. eva2000

    eva2000 Administrator Staff Member

    54,106
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    1:10 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    h2o HTTP2 server tests

    check https SSL on port 8081 for H20 server using cipherscan
    Code:
    ./cipherscan XXX.centminmod.com:8081        
    ..............
    Target: XXX.centminmod.com:8081
    
    prio  ciphersuite                  protocols              pfs_keysize
    1     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                ECDH,P-256,256bits
    2     ECDHE-RSA-AES256-SHA384      TLSv1.2                ECDH,P-256,256bits
    3     ECDHE-RSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
    4     AES256-GCM-SHA384            TLSv1.2
    5     AES256-SHA256                TLSv1.2
    6     AES256-SHA                   TLSv1,TLSv1.1,TLSv1.2
    7     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-256,256bits
    8     ECDHE-RSA-AES128-SHA256      TLSv1.2                ECDH,P-256,256bits
    9     ECDHE-RSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
    10    AES128-GCM-SHA256            TLSv1.2
    11    AES128-SHA256                TLSv1.2
    12    AES128-SHA                   TLSv1,TLSv1.1,TLSv1.2
    13    DES-CBC3-SHA                 TLSv1,TLSv1.1,TLSv1.2
    
    Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature
    TLS ticket lifetime hint: 300
    OCSP stapling: supported
    Client side cipher ordering
    
    Using OpenSSL 1.0.2 static compiled client to check h2o SSL server for ALPN and NPN TLS extension support

    check for ALPN extension support in h2o server - look for ALPN protocol: h2-14
    Code:
    /opt/h2o_openssl/bin/openssl s_client -alpn h2-14 -host XXX.centminmod.com -port 8081
    CONNECTED(00000003)
    
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    ALPN protocol: h2-14
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    
    check for NPN extension support in h2o server - look for Next protocol: (1) h2-14
    Code:
    /opt/h2o_openssl/bin/openssl s_client -nextprotoneg h2-14 -host XXX.centminmod.com -port 8081
    
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    Next protocol: (1) h2-14
    No ALPN negotiated
    
    Using nghttp2 client to check h2o SSL server on port 8081 for HTTP/2 support = negotiated protocol = h2
    Code:
    /usr/local/http2-15/bin/nghttp -nv https://XXX.centminmod.com:8081
    [  0.000] Connected
    The negotiated protocol: h2
    [  0.003] send SETTINGS frame <length=12, flags=0x00, stream_id=0>
              (niv=2)
              [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
              [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
    [  0.003] send HEADERS frame <length=45, flags=0x05, stream_id=1>
              ; END_STREAM | END_HEADERS
              (padlen=0)
              ; Open new stream
              :method: GET
              :path: /
              :scheme: https
              :authority: XXX.centminmod.com:8081
              accept: */*
              accept-encoding: gzip, deflate
              user-agent: nghttp2/0.7.8-DEV
    [  0.003] recv SETTINGS frame <length=18, flags=0x00, stream_id=0>
              (niv=3)
              [SETTINGS_ENABLE_PUSH(0x02):0]
              [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
              [SETTINGS_INITIAL_WINDOW_SIZE(0x04):262144]
    [  0.003] send SETTINGS frame <length=0, flags=0x01, stream_id=0>
              ; ACK
              (niv=0)
    [  0.003] recv SETTINGS frame <length=0, flags=0x01, stream_id=0>
              ; ACK
              (niv=0)
    [  0.003] recv (stream_id=1) :status: 200
    [  0.003] recv (stream_id=1) server: h2o/1.1.1
    [  0.003] recv (stream_id=1) date: Wed, 18 Mar 2015 02:36:16 GMT
    [  0.003] recv (stream_id=1) content-type: text/html
    [  0.003] recv (stream_id=1) last-modified: Sat, 14 Mar 2015 19:15:28 GMT
    [  0.003] recv (stream_id=1) etag: "550488d0-ed9"
    [  0.003] recv HEADERS frame <length=81, flags=0x04, stream_id=1>
              ; END_HEADERS
              (padlen=0)
              ; First response header
    [  0.003] recv DATA frame <length=3801, flags=0x01, stream_id=1>
              ; END_STREAM
    [  0.003] send GOAWAY frame <length=8, flags=0x00, stream_id=0>
              (last_stream_id=0, error_code=NO_ERROR(0x00), opaque_data(0)=[])
    
     
  14. eva2000

    eva2000 Administrator Staff Member

    54,106
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    1:10 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    let's check out the web protocols google.com supports using nghttp2 client

    Code:
    [NPN] server offers:
              * h2-15
              * h2-14
              * spdy/3.1
              * spdy/3
              * http/1.1
    I made it easier to install and use nghttp2 by creating a nghttp2 docker image at centminmod/docker-ubuntu-nghttp2 · GitHub It's on Ubuntu due to the much higher software version requirments needed to compile and install nghttp2 :)

    Code:
     nghttp -nv https://google.com:443
    [  0.071] Connected
    [  0.096][NPN] server offers:
              * h2-15
              * h2-14
              * spdy/3.1
              * spdy/3
              * http/1.1
    The negotiated protocol: h2-14
    [  0.122] recv SETTINGS frame <length=18, flags=0x00, stream_id=0>
              (niv=3)
              [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
              [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
              [SETTINGS_MAX_FRAME_SIZE(0x05):16384]
    [  0.122] recv WINDOW_UPDATE frame <length=4, flags=0x00, stream_id=0>
              (window_size_increment=983041)
    [  0.122] send SETTINGS frame <length=12, flags=0x00, stream_id=0>
              (niv=2)
              [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
              [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
    [  0.122] send SETTINGS frame <length=0, flags=0x01, stream_id=0>
              ; ACK
              (niv=0)
    [  0.122] send HEADERS frame <length=33, flags=0x05, stream_id=1>
              ; END_STREAM | END_HEADERS
              (padlen=0)
              ; Open new stream
              :method: GET
              :path: /
              :scheme: https
              :authority: google.com
              accept: */*
              accept-encoding: gzip, deflate
              user-agent: nghttp2/0.7.8-DEV
    [  0.147] recv SETTINGS frame <length=0, flags=0x01, stream_id=0>
              ; ACK
              (niv=0)
    [  0.232] recv (stream_id=1) :status: 301
    [  0.232] recv (stream_id=1) alternate-protocol: 443:quic,p=0.5
    [  0.232] recv (stream_id=1) cache-control: public, max-age=2592000
    [  0.232] recv (stream_id=1) content-length: 220
    [  0.232] recv (stream_id=1) content-type: text/html; charset=UTF-8
    [  0.232] recv (stream_id=1) date: Thu, 19 Mar 2015 02:52:16 GMT
    [  0.232] recv (stream_id=1) expires: Sat, 18 Apr 2015 02:52:16 GMT
    [  0.232] recv (stream_id=1) location: https://www.google.com/
    [  0.232] recv (stream_id=1) server: gws
    [  0.232] recv (stream_id=1) x-frame-options: SAMEORIGIN
    [  0.232] recv (stream_id=1) x-xss-protection: 1; mode=block
    [  0.232] recv HEADERS frame <length=200, flags=0x04, stream_id=1>
              ; END_HEADERS
              (padlen=0)
              ; First response header
    [  0.232] recv DATA frame <length=220, flags=0x01, stream_id=1>
              ; END_STREAM
    [  0.232] recv PING frame <length=8, flags=0x00, stream_id=0>
              (opaque_data=0000000000000000)
    [  0.232] send GOAWAY frame <length=8, flags=0x00, stream_id=0>
              (last_stream_id=0, error_code=NO_ERROR(0x00), opaque_data(0)=[])
     
  15. eva2000

    eva2000 Administrator Staff Member

    54,106
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    1:10 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Wikipedia has a nice overview of HTTP/2 at HTTP/2 - Wikipedia, the free encyclopedia :D

    they don't list h2o HTTP/2 server though h2o/h2o · GitHub
     
  16. eva2000

    eva2000 Administrator Staff Member

    54,106
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    1:10 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  17. eva2000

    eva2000 Administrator Staff Member

    54,106
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    1:10 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    More info on HTTP/2 at The Shift from SPDY to HTTP/2 | MaxCDN Blog and Performance Calendar » HTTP 2.0 is coming, be ready

    The Difference Between SPDY and HTTP/2
    SPDY HTTP/2
    SSL Required. In order to use the protocol and get the speed benefits, connections must be encrypted. SSL Not Required. However websites that use encryption will see a noticeable performance boost over today’s encrypted websites.
    Fast Encrypted Connections. Does not use the ALPN extension that HTTP/2 uses. Faster Encrypted Connections. The new ALPN extension lets browsers and servers determine which application protocol to use during the initial connection instead of after.
    Single-Host Multiplexing. Multiplexing happens on one host at a time. Multi-Host Multiplexing. Multiplexing happens on different hosts at the same time.
    Compression. SPDY leaves a small space for vulnerabilities in its current compression methods. Faster, More Secure Compression. HTTP/2 introduces HPACK, a compression format designed specifically for shortening headers and preventing vulnerabilities.
    Prioritization. While prioritization is available with SPDY, HTTP/2’s implementation is more flexible and friendlier to proxies. Improved Prioritization. Lets web browsers determine how and when to download a web page’s content more efficiently.
     
    Last edited: Mar 19, 2015
  18. eva2000

    eva2000 Administrator Staff Member

    54,106
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    1:10 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Last edited: Mar 20, 2015
  19. eva2000

    eva2000 Administrator Staff Member

    54,106
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    1:10 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    ran a 4 way compare for the following using my revised World Flags demo at H2O HTTP/2 & Nginx SPDY/3.1 SSL Wold Country Flags Demo
    • Nginx non-https over HTTP/1.1
    • Nginx SPDY/3.1 https over HTTP/1.1
    • h2o non-https over HTTP/1.1
    • h2o https over HTTP/2
    webpagetest 3g mobile 1.6Mbps/768Kbps 150ms test for best effect to see how page loading differs

    3gfast_nginxspdy_vs_h2o_http2_video_00_tn.png
    3gfast_nginxspdy_vs_h2o_http2_filmstrip_00_tn.png

    3gfast_nginxspdy_vs_h2o_http2_00.png
    3gfast_nginxspdy_vs_h2o_http2_01.png
    3gfast_nginxspdy_vs_h2o_http2_02.png
    3gfast_nginxspdy_vs_h2o_http2_03.png
     
  20. eva2000

    eva2000 Administrator Staff Member

    54,106
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    1:10 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+