Re: HTTP router point-of-view concerns

Christian Parpart <trapni@gmail.com> Thu, 11 July 2013 09:52 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2449521F9CF8 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 11 Jul 2013 02:52:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.598
X-Spam-Level:
X-Spam-Status: No, score=-10.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ILbkb9L98fr1 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 11 Jul 2013 02:51:54 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 436B621F9D1B for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 11 Jul 2013 02:51:53 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1UxDVo-0000YF-1I for ietf-http-wg-dist@listhub.w3.org; Thu, 11 Jul 2013 09:50:08 +0000
Resent-Date: Thu, 11 Jul 2013 09:50:08 +0000
Resent-Message-Id: <E1UxDVo-0000YF-1I@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <trapni@gmail.com>) id 1UxDVe-0007ix-M4 for ietf-http-wg@listhub.w3.org; Thu, 11 Jul 2013 09:49:58 +0000
Received: from mail-qa0-f51.google.com ([209.85.216.51]) by maggie.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <trapni@gmail.com>) id 1UxDVc-0002k4-Aj for ietf-http-wg@w3.org; Thu, 11 Jul 2013 09:49:57 +0000
Received: by mail-qa0-f51.google.com with SMTP id f11so4074504qae.17 for <ietf-http-wg@w3.org>; Thu, 11 Jul 2013 02:49:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=KI9dFZGXzBwM9ZQX9a4pal6ey1anYtQJHRgn6OeHMOg=; b=gLBg2h5iBtHbNfEL2xNnbQ3lImwlUosr28t4OlJw04axTkCxgzYn+7uIFkrJdJzD0Z G6lu1XbUb7U+rkalWjecOU4gP8sRmgX1En4lhq3wntbe9wW6bu+rSDjFflAMo7TBUcM7 17LKB3lbaRUPxu9U8aGkQ5vUeYXdF++C/HYBzBYaiLYwVZm+9ngPSswKZOzBXqySa6f+ Tnf8K3AjNzvd7TZUzytbHH/RaScfEsAJEorgzgNlbI45MSaMChHXfP5txin/i3SZiOCJ tuuRRYnVGa3CcCCTu3QISm1LMOcrXEQ/e/ZVC4vil3KkFhyVUj0azrkX33oqfuxZV2sR DjNw==
MIME-Version: 1.0
X-Received: by 10.49.1.74 with SMTP id 10mr29043712qek.20.1373536170782; Thu, 11 Jul 2013 02:49:30 -0700 (PDT)
Received: by 10.49.97.229 with HTTP; Thu, 11 Jul 2013 02:49:30 -0700 (PDT)
In-Reply-To: <51DE1E32.9010801@treenet.co.nz>
References: <CA+qvzFPUpcm6kUtJx+rTw8Dpp4Gtx4Bmr3XPDhjNsjchUfN9_w@mail.gmail.com> <51DE1E32.9010801@treenet.co.nz>
Date: Thu, 11 Jul 2013 11:49:30 +0200
Message-ID: <CA+qvzFOrZEaaXKRYeaU=_X7vmemmjybGX9xLe3=VtEh6b8Nwgw@mail.gmail.com>
From: Christian Parpart <trapni@gmail.com>
To: Amos Jeffries <squid3@treenet.co.nz>
Cc: ietf-http-wg@w3.org
Content-Type: multipart/alternative; boundary="047d7b6d82fe8bb78004e1394f79"
Received-SPF: pass client-ip=209.85.216.51; envelope-from=trapni@gmail.com; helo=mail-qa0-f51.google.com
X-W3C-Hub-Spam-Status: No, score=-0.8
X-W3C-Hub-Spam-Report: DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: maggie.w3.org 1UxDVc-0002k4-Aj 8e7275e92b473b0b79a4ca179a9e8a29
X-Original-To: ietf-http-wg@w3.org
Subject: Re: HTTP router point-of-view concerns
Archived-At: <http://www.w3.org/mid/CA+qvzFOrZEaaXKRYeaU=_X7vmemmjybGX9xLe3=VtEh6b8Nwgw@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/18690
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Thu, Jul 11, 2013 at 4:53 AM, Amos Jeffries <squid3@treenet.co.nz> wrote:

> On 11/07/2013 10:52 a.m., Christian Parpart wrote:
>
>> Hey guys,
>>
>> I am just new to this list and I've just recently started working through
>> the HTTP/2 draft and all the blog articles found about.
>> That being said, I myself have also very concerns others have noticed as
>> well, and would like to deeply show my intention to help standing aside :)
>>
>> I am the implementor of one of the many HTTP servers that's being used in
>> production, and one major feature is HTTP routing / load balancing,
>> and I would really love to implement an HTTP/1.1 successor that is (to
>> be) officially labeled HTTP/2[.0].
>>
>> However, as a varnish [1] and a BSD [2] guy also raised there hands on,
>> is the lag of easy extraction of envelop information of an HTTP request
>> message, such as method, path, but most certainly the host.
>>
>> Please forgive me if this is already on-topic somewhere hidden, however,
>> I would really highly encourage you to consider
>> adding some dedicated frame type for this kind of envelope information.
>>
>> With that in mind, one might say that an HTTP/2 stream is not initiated
>> by a HEADERS frame but the ENVELOPE frame that contains the actual
>> uncompressed and unmystified but compact information about this request
>> message.
>>
>> One humble proposal might indeed be:
>>
>> type: (something unassigned)
>> flags: bit 1 = END_STREAM /* this HTTP message is complete with just
>> these envelope frame, e.g. a simple GET, and no need for user-agent etc. */
>> id: unique stream ID, semantics like any other stream ID
>> body: a key/value table of the envelope data
>>
>> ENVELOPE FRAME DATA:
>>
>> The envelope data table is a simple table of key/value pairs where the
>> key is an 8bit value identifying the entry
>> and a variable length value that is interpreted depending on the key. The
>> list of provided envelope fields ends
>> as the end of the envelope frame has been reached. that means, an
>> envelope must always fit into a single (first) frame.
>>
>> ENVELOPE KEY/VALUE FIELDS:
>>
>>   * :scheme => uint8: 0x01
>>       o http => uint8: 0x01
>>       o https => uint8: 0x02
>>       o custom => same as in method (if this is distinction is really
>>         demanded)
>>   * :method => uint8: 0x02
>>       o GET => uint8: 0x01
>>       o POST => uint8: 0x02
>>       o PUT => uint8: 0x03
>>       o DELETE => uint8:0x04
>>       o custom => uint8: 0xFF, followed by one uint8 encoding the size
>>
>>         of the following bytes declaring the plaintext method value,
>>         e.g. "PROPFIND"
>>   * :path => uint8: 0x03, uint16 length in network byte order,
>>
>>     followed by $length octects declaring the path's value.
>>   * :host => uint8: 0x04, uint16: length in network byte order,
>>
>>     $length octets declaring the host's value.
>>   * :route => uint8: 0x05, uint8: length, $length octets that declare
>>
>>     this value. (field is only specified if known, thus previousely
>>     announced by the remote server or this frame is part of a response
>>     and we are to announce a routing identifier)
>>   * :status => uint8: 0x06, uint16: code in network byte order  /* if
>>
>>     HTTP/2 considers starting response streams the same way */
>>
>> This is the exact information an HTTP client (scheme,method,path,host) or
>> server (status) MUST currently sent as part of the (first) HEADERS frame.
>> So the change I propose is, to extract this information from the HEADERS
>> frame and put it into its own frame that also initiates the stream
>> implicitly.
>>
>> Having this in mind, it is a pleasure to implement HTTP routers because
>> those now don't have to decode the full HEADERS frames but just decode the
>> ENVELOPE frame and pass any continued frame to the directed next-hop server.
>>
>
> Sadly the compression draft as written is completely incompatible with
> this type of load balancing. It operates a *stateful* compressor, such that
> every single HEADERS frame being received has to be decoded in order to
> re-encode using a separate connection-specific stateful compressor on the
> next-hop connections. This is mandatory for the compressed frames
> regardless of whether the ENVELOPE header is used to provide uncompressed
> details.
>

I hope we did not misunderstand each other, with "ENVELOPE" I meant a frame
on its own that 1.) initiates a stream and 2.) contains the most important
envelope information needed to route a message.


>  The best load balancers can do under the current compression draft is to
> avoid complex re-encoding by emiting only Literal header representations
> and skipping all the traffic optimizations compression offers. Which
> converts them into near perfect DDoS bandwidth-amplification sources.
>

here I don't think that will be much of the case, since HTTP/2 header
encoding should still be a way smaller in bytes than HTTP/1.1 and prior.


>
> The sad state of affairs is that the *only* type of middleware which
> benefits from the proposed HTTP/2 is those which performs transparent
> interception and passive monitoring/recording of users traffic (ie the
> worst kind). Anything which starts modifying or manipulating (ie doing
> something useful for the ISP or CDN) MUST implement a full
> compressor/decompressor pair in order to keep the HTTP/2 statefulness in
> order.


If HTTP/2 now would just put the routing information (method, path, host,
scheme [, routing-key]) cleartext upfront (still binary) an active HTTP
router could just parse this and pass the remaining as-is (e.g. unmodified)
to the next-hop. Although, if it then still whishes to add special headers
(such as Via), it could do so via the trailing HEADERS frame) - if I am not
too wrong.

Regards,
Christian Parpart.