Re: HTTP router point-of-view concerns

Amos Jeffries <squid3@treenet.co.nz> Fri, 12 July 2013 17:31 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5B6B21F9AA7 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 12 Jul 2013 10:31:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.559
X-Spam-Level:
X-Spam-Status: No, score=-10.559 tagged_above=-999 required=5 tests=[AWL=0.040, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wXItLESmdz5V for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 12 Jul 2013 10:31:33 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 3159911E811E for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 12 Jul 2013 10:31:33 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1UxhB3-0005Kq-Dh for ietf-http-wg-dist@listhub.w3.org; Fri, 12 Jul 2013 17:30:41 +0000
Resent-Date: Fri, 12 Jul 2013 17:30:41 +0000
Resent-Message-Id: <E1UxhB3-0005Kq-Dh@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <squid3@treenet.co.nz>) id 1UxhAt-0005JW-Vi for ietf-http-wg@listhub.w3.org; Fri, 12 Jul 2013 17:30:31 +0000
Received: from ip-58-28-153-233.static-xdsl.xnet.co.nz ([58.28.153.233] helo=treenet.co.nz) by maggie.w3.org with esmtp (Exim 4.72) (envelope-from <squid3@treenet.co.nz>) id 1UxhAs-0002K8-6w for ietf-http-wg@w3.org; Fri, 12 Jul 2013 17:30:31 +0000
Received: from [192.168.1.218] (ip202-27-218-168.satlan.co.nz [202.27.218.168]) by treenet.co.nz (Postfix) with ESMTP id 1F027E6F4B for <ietf-http-wg@w3.org>; Sat, 13 Jul 2013 05:30:04 +1200 (NZST)
Message-ID: <51E03D17.5010801@treenet.co.nz>
Date: Sat, 13 Jul 2013 05:29:59 +1200
From: Amos Jeffries <squid3@treenet.co.nz>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130620 Thunderbird/17.0.7
MIME-Version: 1.0
To: ietf-http-wg@w3.org
References: <CA+qvzFPUpcm6kUtJx+rTw8Dpp4Gtx4Bmr3XPDhjNsjchUfN9_w@mail.gmail.com> <51DE1E32.9010801@treenet.co.nz> <CAP+FsNdcYhA=V5Z+zbt70b5e7WmcmXgjG5M9L3vfXeXfTwmRnw@mail.gmail.com> <51DE327C.7010901@treenet.co.nz> <CABkgnnXeqD6wh0dcJ1Dz=4PLAJNkDeGcCuzMr9ATd_7xS7nbGQ@mail.gmail.com> <CABP7RbcUkLf3CTAB4jwicnsiKWLGVY6=hX0k=0256SR_gcVt9A@mail.gmail.com> <092D65A8-8CB7-419D-B6A4-77CAE40A0026@gmail.com> <3835.1373612286@critter.freebsd.dk> <CD9E163F-1225-4DA8-9982-8BDBD16B1051@mnot.net> <1772.1373629495@critter.freebsd.dk> <20130712125628.GC28893@1wt.eu>
In-Reply-To: <20130712125628.GC28893@1wt.eu>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Received-SPF: pass client-ip=58.28.153.233; envelope-from=squid3@treenet.co.nz; helo=treenet.co.nz
X-W3C-Hub-Spam-Status: No, score=-3.5
X-W3C-Hub-Spam-Report: AWL=-3.449, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001
X-W3C-Scan-Sig: maggie.w3.org 1UxhAs-0002K8-6w 8f1476ac4b30fdea9b25736f66034a5e
X-Original-To: ietf-http-wg@w3.org
Subject: Re: HTTP router point-of-view concerns
Archived-At: <http://www.w3.org/mid/51E03D17.5010801@treenet.co.nz>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/18732
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On 13/07/2013 12:56 a.m., Willy Tarreau wrote:
> Hi Poul-Henning,
>
> On Fri, Jul 12, 2013 at 11:44:55AM +0000, Poul-Henning Kamp wrote:
>> In message <CD9E163F-1225-4DA8-9982-8BDBD16B1051@mnot.net>, Mark Nottingham wri
>> tes:
>>
>>> This has been brought up a number of times. I think what we need is a =
>>> concrete proposal *with* a detailed plan for a workable transition to =
>>> the new mechanism -- which seems to be the (or at least one) sticking =
>>> point whenever this comes up.
>> I have given a concrete example multiple times, it's very simple:
>>
>> 	The client always sends along a session-identifier of N (128?)
>> 	bits.
>>
>> 	If the first bit is zero, this is an anonymous, transient
>> 	session, not (to be) associated with any other session.
>>
>> 	If the first bit is one, this is a persistent session
>> 	identifier, which the server can use to look up any relevant
>> 	state or information from previous instances of this
>> 	session, in its local database.
>>
>> 	This replaces the Cookie: and Set-Cookie: headers, which
>> 	SHALL NOT be sent in the HTTP/2.0 protocol.
>>
>> Advantages:
>>
>> 	We get a fixed size session-identifier for HTTP routers to
>> 	use for flow-routing.
>>
>> 	We get an actual (client controlled) session-concept, rather
>> 	than all sorts of ad-hoc simulations with cookies.
>>
>> 	Data with privacy-concerns are stored on the server not on
>> 	random clients the user happens to borrow or use.
>>
>> 	The overhead of encrypting and signing the data in cookies
>> 	is avoided, since they are stored on the server side where
>> 	nobody can fudge them.
>>
>> Backwards compatibility:
>>
>> 	It should be obvious that simulating the Cookie concept for
>> 	framework compatibility on the server side is a trivial
>> 	matter of programming:  Rather than send set-cookies, write
>> 	them to a database, indexed by the session-id.  Rather than
>> 	receive Cookie: headers, look them up in the database.
>>
>> There, solved.
> Not really in fact. While I tend to generally agree with the points
> you make for scalability, this one does not scale. One of the big
> benefits of cookies is that client is responsible for synchronizing
> information between multiple servers *if needed*. When you're building
> an architecture using anycast DNS + ECMP + L4 load balancers to reach
> your servers, you can't predict if a client will come back to the same
> place to retrieve its context, and having the ability to make it hold
> *some* data is really useful.
>
> If you store everything on server-side, you're forced to synchronize
> everything between all servers of all datacenters because you don't
> even know where your client will go with next hit, let alone parallel
> requests. And this is clearly not possible on many of the platforms
> where both of our products are deployed to achieve connection rates
> in the 6 digits.

In these cases you build your session identifier to contain a shard 
reference as well as an UID.
For example I'm pretty sure that Facebook does not replicate all users 
entire account details onto each and every server, or in a Cookie being 
sent back and forward. For good reason. No, they have an ID which allows 
extremely fast backend referencing for whatever assembly server is 
running to access whatever data server the users account it stored on. 
Not exactly complex even when running at large scale.


> So there *is* some use to store data on the client, it's just that it
> has been long abused to store session identifiers because it was the
> only mechanism available.

Only the Session ID and/or a shard reference (combined in one opaque 
blob is even better) need be stored on the client.

Amos