Re: HTTP router point-of-view concerns

Gábor Molnár <> Fri, 12 July 2013 10:23 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8A6B521F9D8E for <>; Fri, 12 Jul 2013 03:23:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -9.653
X-Spam-Status: No, score=-9.653 tagged_above=-999 required=5 tests=[AWL=0.023, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_HI=-8]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id dmvAeSYsy9hR for <>; Fri, 12 Jul 2013 03:23:41 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id A777221F99F4 for <>; Fri, 12 Jul 2013 03:23:41 -0700 (PDT)
Received: from lists by with local (Exim 4.72) (envelope-from <>) id 1UxaUX-0001T7-NC for; Fri, 12 Jul 2013 10:22:21 +0000
Resent-Date: Fri, 12 Jul 2013 10:22:21 +0000
Resent-Message-Id: <>
Received: from ([]) by with esmtp (Exim 4.72) (envelope-from <>) id 1UxaUP-0001SO-H8 for; Fri, 12 Jul 2013 10:22:13 +0000
Received: from ([]) by with esmtp (Exim 4.72) (envelope-from <>) id 1UxaUN-0001oW-P7 for; Fri, 12 Jul 2013 10:22:13 +0000
Received: from ( []) by (Sun Java System Messaging Server 6.2-7.05 (built Sep 5 2006)) with ESMTPSA id <> for; Fri, 12 Jul 2013 12:21:45 +0200 (CEST)
Received: by with SMTP id 9so19723589iec.5 for <>; Fri, 12 Jul 2013 03:21:43 -0700 (PDT)
Received: by with HTTP; Fri, 12 Jul 2013 03:21:23 -0700 (PDT)
X-Received: by with SMTP id b8mr735142igf.17.1373624503368; Fri, 12 Jul 2013 03:21:43 -0700 (PDT)
Date: Fri, 12 Jul 2013 12:21:23 +0200
From: Gábor Molnár <>
In-reply-to: <>
To: Mike Belshe <>
Cc: Amos Jeffries <>, httpbis mailing list <>
Message-id: <>
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_O2AuovoqDBR4trhML1ffHQ)"
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=cfTuboxxEMcUh5jTFYdKaHw43qs81uEaKO5x8q0w7/E=; b=QWHUx6t5vY8Ur7+tLmLfA8e6yk0SHNDCV0dgQn6qwcKOJvJdCpjWo+NGG/s440LYjn 7cmoRsH0krzSYd3BGz22M2fhzqoJdHYsp98SsC3Yo9VNDvUF4c5281gulfSxmUKO8nha 1UYZ/PNJtZp264Tlq9HcZuqr2hfrEoeavi9amc+QYNpZiyW1sQT2+NnlO/wlf7ox77UE CzPGKD6aWA4lhvji3rTpRd/HxMMrTr8u/PUHWYEWRH4XEZ+XCwPxN2A562ByGDyNIVdf xn2mcP1lWz4ThKStr8XlYHJUsPa+MfnzvP1BoI+I71Ogs9//lXcDRtWBzf7XJIUCXiTx avEw==
References: <> <> <> <> <> <> <> <> <> <>
Received-SPF: pass client-ip=;;
X-W3C-Hub-Spam-Status: No, score=-4.3
X-W3C-Hub-Spam-Report: AWL=-1.656, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.303, SPF_PASS=-0.001
X-W3C-Scan-Sig: 1UxaUN-0001oW-P7 f7c87fcdd8a4b48a950f50154bb2fd46
Subject: Re: HTTP router point-of-view concerns
Archived-At: <>
X-Mailing-List: <> archive/latest/18720
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

However, if we would make it possible to have multiple compression contexts
on a single HTTP/2 connection, that would make it work... Only those
requests would be blocked, which belong to the same compression context.
There would be a compression context for each user of the proxy, and the
upstream connection would multiplex HEADERS frames belonging to these
compression context. The proxy would have to maintain all those compression
contexts anyway... except, of course, if it negotiates a stateless
compression strategy with the clients.

This would make things more complicated (having a new, compression-context
id for every headers frame, limiting the number of compression contexts,
etc...), so I don't think it's a very good solution, but it could maybe
generate more fresh ideas regarding this problem.

2013/7/12 Gábor Molnár <>

> I've been thinking of the benefits using a streaming decompressor and
> compressor here to quickly extract the routing information. But in the end,
> I think it wouldn't solve the problem, at least when using a stateful
> compression algorithm.
> Let's assume we have a streaming decompressor that emits headers as soon
> as it decompresses them, and always emits the headers needed to make
> routing decision first (headers starting with colon). It would make routing
> very quick. Let's suppose that the header block format would also be
> optimized to support this behaviour. The proxy would start streaming the
> headers to a compressor, which can forwards them immediately on the upsteam
> connection, without waiting for the whole header set to be decoded.
> The problem is that there's a DoS vector here. While sending the HEADERS
> frames on the upstream connection, there must not be anything else sent
> there. Now suppose a client is very slow, for example, it waits one second
> between sending the first and the second (last) HEADERS frame to the proxy.
> During this time (which can be arbitrary large), the proxy cannot send
> anything on its upstream connection (and it cannot create a new connection
> as it's forbidden in the current spec), so it's basically is blocked.
> 2013/7/12 Mike Belshe <>
>> I'm also in favor of removing the compressor completely.
>> The reason is because we've seen the "negotiable compression protocol"
>> movie before.  At this point, its negotiable, and therefore just a big time
>> sink.  In the end, it will not be deployed because some player will have a
>> bug forcing everyone else to turn it off to avoid the hassle.   I apologize
>> if this sounds pessimistic - but history shows that this is a likely result.
>> If we can't agree on mandatory compression (which was long ago thrown
>> out) why not just add session state.  Cookies & User Agents can be set as
>> state which applies across all streams and be done.  It's mandatory, its
>> super simple, it fixes the single biggest redundant-bandwidth problem
>> elegantly, and in the end, I think this is basically what pkh and christian
>> are asking for under different names.
>> We'll probably save a lot of time debating and end up with a protocol
>> which is almost as good as a true compressor.
>> Mike
>> On Fri, Jul 12, 2013 at 1:26 AM, Amos Jeffries <>wrote:
>>> On 12/07/2013 7:35 a.m., Roberto Peon wrote:
>>>> I think it is perfectly reasonable for an intermediary to set the
>>>> compression size to zero if it wishes.
>>>> Market forces will (in the long-term) pick the correct strategy for
>>>> this-- assuming the compression is effective at reducing latency, and that
>>>> people care about latency reductions, then eventually intermediaries might
>>>> evolve to use it.
>>>> If it is ineffective at reducing latency, or if reduced latency is not
>>>> actually desirable, then intermediaries would not use it.
>>>> The DoS vector you're talking about is not a DoS vector if the
>>>> intermediary resets all streams before the change-of-state-size comes into
>>>> effect.
>>> If you means RST_STREAM on all the initial streams which use a larger
>>> compression size then what you are doing is adding an RTT penalty to all
>>> those requests over and beyond what HTTP/1 suffers from already on a normal
>>> transaction. This is not a useful way forward (wastes packets, RTT and
>>> stream IDs) and resolving it is to make decompression with the default
>>> state size mandatory for all recipients. Which brings us full circle on the
>>> problem of having a default >0 in the dynamic part of the state tables.
>>>  When the state size is 0, one should be able to use some kinds of
>>>> 'indexed' representations, so long as those representations refer only to
>>>> items in the static tables. Why do you believe that this would use more or
>>>> less CPU? (It should use less CPU and less memory...)
>>> I did not mention CPU. Only the bandwidth amplification effects that
>>> agents disabling compression would incur and need to consider carefully.
>>> Personally I would like to see a 127 entry mandatory static table in the
>>> spec itself and tied to the "2.0" version with a 127 entry optional dynamic
>>> table indicated by the high-end bit of the byte code. With a capacity byte
>>> size for dynamic table sent each way and senders forbidden to add new
>>> entries to the dynamic table until they hold the value from both ends of
>>> the connection. Agreed value being the minimum of both ends capacities.
>>> Amos