W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2012

Re: #385: HTTP2 Upgrade / Negotiation

From: Salvatore Loreto <salvatore.loreto@ericsson.com>
Date: Thu, 25 Oct 2012 13:02:34 +0300
Message-ID: <50890E3A.5050105@ericsson.com>
To: ietf-http-wg@w3.org
On 10/25/12 10:29 AM, Willy Tarreau wrote:
> Hi Gabriel,
>
> On Thu, Oct 25, 2012 at 07:02:34AM +0000, Gabriel Montenegro wrote:
>>> On the other hand, the Upgrade-based negotiation is pessimistic; it assume
>>> that something will go wrong until we prove that both ends speak the same
>>> language. It'll be fast but have some limitations at the start (as discussed).
>> I've been thinking about this, and think we may be able to make it more optimistic after the first exchange.
>>
>> This is the scenario:
>> 1. client has no prior knowledge whether this server supports http2 on this port in the clear.
>> 2. client performs Upgrade (presumably, he'd be using NPN if over SSL)
>> 3. server sends 101 back.
>> 4. they now speak http2, and the client learns that this server speaks http2 at this port.
>> 5. time passes, and this http2 connection goes away.
>> 6. a subsequent message from client to server (without a pre-existing http2 connection) could bypass the Upgrade and send http2 frames directly.
>>
>> This would require the server to be able to detect if any given message is
>> either http 1.X or http 2. Given the binary framing of the latter, it seems
>> possible to figure out how to make this unambiguous at the server.
>>
>> Comments?
> This cannot work in environment where transparent protocol analysers and
> intercepting proxies are installed.
just to clarify
the bad is not with the intercepting proxies in general,
but only with the one that would expect a connection always starting 
with an Upgrade
However if we will standardize the possibility that an HTTP connection 
can start directly
from HTTP/2.0 then the intercepting proxy should not stop it
and then the Gabriel proposal may or may not work for other reasons...


> The first success only means one thing,
> which is that the scenario used along the whole path works, it does not
> preclude that changing the opening handshake would too woke. Two examples :
>
> - in March I informed the hybi WG that I got a report from a user that
>    Trend Micro's OfficeScan installed on his machine was blocking WS
>    upgrades because it was analysing exchanges between the browser and
>    the outer world and did not like 101 responses. When this program
>    is eventually fixed, it will still inspect contents and expect HTTP
>    to be spoken there, which would not be the case on the second handshake ;
>
> - I was aware of an ISP combining haproxy + squid to save on bandwidth costs.
>    The principle was very simple, haproxy was set up as an intercepting proxy
>    at the border, and balanced the load across a squid farm. Haproxy was
>    configured to bypass squid for websocket since there was no added value
>    in solliciting the caches for this. Haproxy doesn't understand websocket,
>    it only understands HTTP/1.1 and its associated Upgrade mechanism. If you
>    start sending non-HTTP/1.1 frames at it while it expects HTTP, you can be
>    sure to get a 400/badreq quickly in return (at least once the protocols
>    diverge).
that is WebSocket specific that only specifies and mandate the HTTP/1.1 
Upgrade handshake
so the Haproxy is acting correctly (and I had no doubt about it).

>
> So what we learn from the first successful connection is that we should
> continue to use the same mechanism.
>
> However I think we should experiment with the same principle as pipelining, ie
> when a handshake has worked once, we can probably start sending HTTP/2 frames
> after the initial client handshake without waiting for a response since we know
> that the whole path supports the Upgrade well.
that would work in a desktop,
but if you are using a mobile scenario you can not be so sure that whole 
path is going
to be use is exactly the old path that supported the Upgrade well.
or I am missing something here?

br
/Salvatore

-- 
Salvatore Loreto, PhD
www.sloreto.com
Received on Thursday, 25 October 2012 10:03:00 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 25 October 2012 10:03:03 GMT