[hybi] HTTP and round trips
Willy Tarreau <w@1wt.eu> Sun, 15 August 2010 22:23 UTC
Return-Path: <w@1wt.eu>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 66DCF3A635F for <hybi@core3.amsl.com>; Sun, 15 Aug 2010 15:23:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.966
X-Spam-Level:
X-Spam-Status: No, score=-0.966 tagged_above=-999 required=5 tests=[AWL=-2.723, BAYES_50=0.001, HELO_IS_SMALL6=0.556, J_CHICKENPOX_15=0.6, J_CHICKENPOX_51=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eTfVoNYKF0Yc for <hybi@core3.amsl.com>; Sun, 15 Aug 2010 15:23:17 -0700 (PDT)
Received: from 1wt.eu (1wt.eu [62.212.114.60]) by core3.amsl.com (Postfix) with ESMTP id 674393A67A2 for <hybi@ietf.org>; Sun, 15 Aug 2010 15:23:16 -0700 (PDT)
Received: (from willy@localhost) by mail.home.local (8.14.4/8.14.4/Submit) id o7FMNqw3029863 for hybi@ietf.org; Mon, 16 Aug 2010 00:23:52 +0200
Date: Mon, 16 Aug 2010 00:23:52 +0200
From: Willy Tarreau <w@1wt.eu>
To: hybi@ietf.org
Message-ID: <20100815222351.GK27614@1wt.eu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.4.2.3i
Subject: [hybi] HTTP and round trips
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Aug 2010 22:23:18 -0000
I wanted to draw some diagrams about what typical architectures are
commonly found on client and server sides in order to help quickly
spot pathological handshakes. But this takes time. At least I have
drawn various examples showing how the HTTP handshake is affected by
round trips.r
Comments welcome.
Regards,
Willy
------
Here are various cases of round trips for the HTTP handshake depending
on components the requests passes through on the client side, at the ISP
and on the server side. Note that the model can also be applied to other
types of handshakes. The purpose of this enumeration is only to point
the sensible parts in the handshake and to see how they can be optimised
(if required).
The example considers that the client is on a network which is 100 ms
away from the server (round trip time) and that the client's ISP is
in the middle, at 50 ms of each. This is a rough estimate as many
parameters may vary (client-side upload time when the link is loaded,
ISP-to-server RTT for very remote sites, download time for network
accesses over satellite links, etc...).
For the example below, it is assumed that we're using the handshake as
defined in draft-76, but with the server-side ordered correctly to send
the 101 before reading the data.
1) client to server
+---------+
| client |
+----+----+
| Send: GET+key3
/ Recv: 101+hash
( internet ) 100ms
/
|
+----+----+
| server |
+---------+
The handshake here takes one RTT = 100 ms.
2) client via proxy(-ies) to server
+---------+
| client |
+----+----+
| Send: CONNECT+GET+key3
| 1ms Recv: 200+101+data
|
+----+----+
| proxy |
+----+----+
| Send: GET+key3
/ Recv: 101+hash
( internet ) 100ms
/
|
+----+----+
| server |
+---------+
The handshake here takes 1 + 100 = 101 ms
3) client to server, via server-side gateway(s)
+---------+
| client |
+----+----+
| Send: GET+key3
/ Recv: 101+hash
( internet ) 100ms
/
|
+----+----+
| gateway |
+----+----+
| Send: GET
| 1ms Recv: 101
| Send: key3
| Recv: hash
+----+----+
| server |
+---------+
The handshake here takes 100 + 2*1 = 102 ms
4) client to server, client-side proxy(-ies) and server-side gateway(s)
+---------+
| client |
+----+----+
| Send: CONNECT+GET+key3
| 1ms Recv: 200+101+data
|
+----+----+
| proxy |
+----+----+
| Send: GET+key3
/ Recv: 101+hash
( internet ) 100ms
/
|
+----+----+
| gateway |
+----+----+
| Send: GET
| 1ms Recv: 101
| Send: key3
| Recv: hash
+----+----+
| server |
+---------+
The handshake here takes 1 + 100 + 2*1 = 103 ms
5) client via gateway + proxy(-ies) to server
+---------+
| client |
+----+----+
| Send: CONNECT+GET+key3
| 1ms Recv: 200+101+data
|
+----+----+
| gateway |
+----+----+
| Send: CONNECT
| 1ms Recv: 200
| Send: GET+key3
| Recv: 101+hash
+----+----+
| proxy |
+----+----+
| Send: GET+key3
/ Recv: 101+hash
( internet ) 100ms
/
|
+----+----+
| server |
+---------+
The handshake here takes 1 + 2*1 + 100 = 103 ms
6) client to server, via client-side transparent proxy
+---------+
| client |
+----+----+
| Send: GET+key3
/ Recv: 101+hash
( ISP ) 50ms
/
|
+----+----+
| t.proxy |
+----+----+
| Send: GET
/ Recv: 101
( internet ) 50ms Send: key3
/ Recv: hash
|
+----+----+
| server |
+---------+
The handshake here takes 50 + 2*50 = 150 ms
7) Preliminary conclusions
Since the protocol supports proxies, the round-trip caused by the /key3/
parameter is only on the server side when gateways or transparent proxies
are installed before it. Proxies do not add a round trip because the
protocol makes use of a CONNECT method in order to establish a tunnel to
make them ignore the protocol, so that they can send the /key3/ parameter
with the first packet. Gateways installed before the proxy do not add any
significant time either due to being close to the proxy.
Gateways (reverse proxies) are mostly installed on the server side, closer
to the server, resulting in a negligible additional round-trip.
The really slow case is for transparent proxies installed at the ISP's,
because the client performs a normal handshake (not one for a proxy),
and this transparent proxy has to wait for the 101 to send key3 and get
the hash. So there are two round trips between the ISP and the server,
but still one between the client and the ISP.
What this means is that the round trips to take into account are the
ones between the first gateway which receives a normal non-proxy
handshake, and the server. That basically means that only the server-side
time counts. Even if the client browses over a satellite link, the extra
round-trips on the server side will not change much to him.
8) Possible improvements
The extra round trip here is caused by the first equipement to have to
wait for the 101 in order to forward the /key3/ parameter.
One efficient solution against this extra round-trip would be to put
this parameter into a HTTP header, just like the other Sec-WebSocket-Key*.
That way, there would not be any additional data to send from client to
server after the 101 appears, thus eliminating the extra round trip.
Note that this data is used for three things :
- detection of cross-protocol communication
- ensure that no cache will return a cached content
- ensure that intermediaries correctly forward data after the 101
The first point and second points are not changed with a header. The
third point changes slightly. With the key in the data, it was able
to detect some of the proxies which would reset the connection during
the handshake. With the key3 in a header, it will only detect the
connection reset when trying to send data for the first time. However,
neither method detects intermediaries which don't forward request body
and remain stuck on it, so on this point there is no change.
Also, since the hash currently concatenates key1, key2 and key3, it
would also be even easier to simply remove key3 and have the client
check that the server emits the correct hash for key1+key2.
----
- [hybi] HTTP and round trips Willy Tarreau