[Doh] HTTP/2 and constrained environments

Mateusz Jończyk <mat.jonczyk@o2.pl> Fri, 01 June 2018 10:29 UTC

To: Patrick McManus <pmcmanus@mozilla.com>, DoH WG <doh@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/0f_qdrZT9qqO23oQgV_Lxm1FVPI>

On 23.05.2018 at 23:13, Patrick McManus wrote:
> On Wed, May 23, 2018 at 5:40 AM, Mateusz Jończyk <mat.jonczyk@o2.pl> wrote:
> 
> 
>     How difficult it would be to implement HTTP/2 on a home router with 8 MB of
>     flash and 32 MB of RAM? Would it at all be possible? 
> 
> 
> no problem really. HTTP/2 provides a number of mechanisms for either peer to
> scale things down (e.g. reducing state in the compression dictionary, limiting
> the number of outstanding streams, small flow control windows, etc.).

HTTP/2 may be larger in code size and this is a serious limitation in home
routers (it is in most cases a more important limiting factor than RAM size). It
will probably also be more difficult to implement (in terms of coding effort).

> 
> searching for nginx and dd-wrt yields lots of howto's
> https://www.dd-wrt.com/phpBB2/viewtopic.php?t=312701&sid=dfc6638ad8a57c7d3540d4b3aae828d3 
> .. nginx has http/2 support.
> 
I suppose it is feasible to run NGINX only on high-end routers. There are
high-end routers with lots of RAM (like 128MB and more) and ability to mount
external media (USB or SD card or Samba network drives).
The router mentioned in the forum thread (Linksys WRT1900ACv2) is one of the
highest-end router models supported by DD-WRT and is very expensive.
AFAIK NGINX will not easily run on routers with 32 MB RAM and 8 MB flash, at
least not without consuming much of the precious resources.

> 
>     Would it be much more
>     difficult to implement than HTTP/1.0? All of my routers support only
>     HTTP/1.0 in
>     the management interface.
> 
> 
> I'm just speculating, but I suspect that has more to do with https and the
> challenges of provisioning certs on that kind of device than anything else.

Two of my three routers support HTTPS, so it seems it does not have much to do
with enabling HTTPS (the third router is a really constrained device with 16MB
of RAM and 2MB of flash).
I suppose that it has much to do with simplicity of protocol and ease of
implementation. There are few benefits to upgrade a router management interface
to support HTTP/1.1 or HTTP/2.0.

>  
> 
>     Would it be beneficial to specify that DNS API clients SHOULD support DNS API
>     servers that only talk HTTP/1.0 or HTTP/1.1?
> 
> 
> imo we shouldn't be explicitly encouraging older protocols.

Why not? They may be deprecated, but still may be a better choice in some cases
(as outlined above).

Greetings,
Mateusz
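
Added example, not part of the original thread or of any project mentioned in it: the three scale-down mechanisms listed in the quoted reply (compression dictionary size, number of outstanding streams, flow-control window) correspond to settings a peer announces in an HTTP/2 SETTINGS frame (RFC 7540, section 6.5). The sketch below encodes such a frame and computes the resulting bound on HPACK table plus buffered DATA; `h2_limits`, the function names and the sample values are hypothetical, and the bound ignores TLS buffers and per-stream bookkeeping.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* Setting identifiers from RFC 7540, section 6.5.2. */
enum { H2_HEADER_TABLE_SIZE = 1, H2_MAX_CONCURRENT_STREAMS = 3, H2_INITIAL_WINDOW_SIZE = 4 };
#define H2_CONN_WINDOW 65535u /* connection window; SETTINGS cannot change it */
struct h2_limits {              /* hypothetical type for this example */
    uint32_t header_table_size; /* HPACK dynamic table we agree to keep */
    uint32_t max_streams;       /* streams the peer may keep open */
    uint32_t initial_window;    /* per-stream flow-control credit */
};
static size_t put_setting(uint8_t *p, uint16_t id, uint32_t v)
{
    p[0] = (uint8_t)(id >> 8);  p[1] = (uint8_t)id;
    p[2] = (uint8_t)(v >> 24);  p[3] = (uint8_t)(v >> 16);
    p[4] = (uint8_t)(v >> 8);   p[5] = (uint8_t)v;
    return 6;
}

/* Encode a SETTINGS frame; returns its length, or 0 if out is too small. */
size_t h2_build_settings(const struct h2_limits *l, uint8_t *out, size_t cap)
{
    size_t n = 9;                              /* frame header size */
    if (cap < 9 + 3 * 6) return 0;
    out[0] = 0; out[1] = 0; out[2] = 3 * 6;    /* 24-bit payload length */
    out[3] = 0x4; out[4] = 0;                  /* type SETTINGS, no ACK flag */
    out[5] = out[6] = out[7] = out[8] = 0;     /* stream 0 */
    n += put_setting(out + n, H2_HEADER_TABLE_SIZE, l->header_table_size);
    n += put_setting(out + n, H2_MAX_CONCURRENT_STREAMS, l->max_streams);
    n += put_setting(out + n, H2_INITIAL_WINDOW_SIZE, l->initial_window);
    return n;
}

/* Bound once the peer has ACKed: HPACK table plus unread DATA (connection window caps it). */
uint64_t h2_worst_case_bytes(const struct h2_limits *l)
{
    uint64_t data = (uint64_t)l->max_streams * l->initial_window;
    if (data > H2_CONN_WINDOW) data = H2_CONN_WINDOW;
    return l->header_table_size + data;
}

int main(void)
{
    struct h2_limits small = { 0, 4, 1024 };   /* constructed values */
    uint8_t buf[32];
    size_t len = h2_build_settings(&small, buf, sizeof buf);
    printf("frame=%zu bound=%llu\n", len, (unsigned long long)h2_worst_case_bytes(&small));
    return 0;
}
```

Until the peer acknowledges the frame, the protocol defaults (4,096-byte header table, 65,535-byte stream window, no stream limit) still apply, so a constrained endpoint has to tolerate or reject traffic sized for those defaults during that interval.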