W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2021

Re: extensible prioritization scheme review

From: Lucas Pardue <lucaspardue.24.7@gmail.com>
Date: Fri, 19 Nov 2021 03:21:34 +0000
Message-ID: <CALGR9oaH4EqoyqJw4AigH8fur74NCZB_D3+GYZB5kxg7_4s7DQ@mail.gmail.com>
To: Stefan Eissing <stefan.eissing@greenbytes.de>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Hi Stefan,

Thanks for taking the time to review, replies in line:

On Thu, Nov 18, 2021 at 11:24 AM Stefan Eissing <
stefan.eissing@greenbytes.de> wrote:

> Reading
> https://httpwg.org/http-extensions/less-h2/draft-ietf-httpbis-priority.html
> again, I have comments to the draft. Thank you for considering my thoughts.
> Small correction:
> 7.1:
> "When the PRIORITY_UPDATE frame applies to a request stream, clients
> SHOULD provide a Prioritized Stream ID that refers to a stream in the
> "open", "half-closed (local)", or "idle" state."
> I believe this is "half-closed (remote)" instead?

From the client's perspective, I believe "half-closed (local)" is correct.
c.f. HTTP/2 [1]

"An endpoint sending an END_STREAM flag causes the stream state to become
"half-closed (local)"; an endpoint receiving an END_STREAM flag causes the
stream state to become "half-closed (remote)""

A client sending a PRIORITY_UPDATE for a half-closed (remote) isn't going
to see much value.

The question below I find not answered, really.
> 14. "Why use an End-to-End Header Field?"
> "The way a client processes a response is a property associated to that
> client generating that request. Not that of an intermediary. Therefore, it
> is an end-to-end property."
> ...
> "Having the Priority header field defined as end-to-end is important for
> caching intermediaries."
> I fail to see that. Given the complexities of HTTP Caching and "Vary"
> handling, this needs more detail.
> Clients process responses differently. How can the processing properties
> of Google Chrome at a certain point in time versus the ones from Firefox at
> another point in time apply to a server resource? It also depends in which
> context the resource is loaded. If an image is embedded in one HTML page,
> its Priority: properties will vary from it being embedded in another HTML
> page.
> That is why I have difficulties to apply `Priority:` to the server
> response meta data. If an intermediary (CDN) cache wants to persist
> response priorities, it is certainly free to do to so. But that seems
> outside HTTP.
> Would it not be better if servers can send PRIORITY_UPDATE Frames to the
> client, if indeed server's changes to Priority should be made known to the
> client side of the connection?

The intermediary in charge of the priority scheduling can use the priority
signal from the client, in addition to that from the server, in addition to
a bunch of other information available with the request (i.e. referrer,
fetch metadata etc). I am not a caching expert so maybe I'm overlooking the
concern you have, perhaps Kazuho can speak more to this point. However,
since the server's priority signals are never intended to be used by a
client endpoint I do not think allowing PRIORITY_UPDATE frames to be sent
by servers is a good design change to make.

> My main issue is around the requirement that non-incremental responses
> should pre-empt any other. As in:
> 10.
> "Therefore, non-incremental responses of the same urgency SHOULD be served
> in their entirety, one-by-one, based on the stream ID, which corresponds to
> the order in which clients make requests."
> ...
> "It is RECOMMENDED that servers avoid such starvation where possible."
> Slowl0ris comes again. If a server sticks to the "SHOULD" of serving
> responses to priority as described (or as I read it), it seems trivial for
> a malicious client to hog server resources:
> - start several streams with small window sizes
> - send a "Priority: u=1" request for a Websocket resource located at the
> server. That one will never terminate and block all responses that have
> already been scheduled.
> I can understand clients saying "I need this CSS resource NOW! Stop
> wasting my bandwidth on other things!". But the solution of this spec to
> only send the response for the CSS resource assumes that it can make full
> use of the available bandwidth. This will not always be the case. A cached
> CSS resource might need revalidation and, while this is done, nothing else
> is sent.
> Stating "It is RECOMMENDED that servers avoid such starvation where
> possible.", means that - in real deployments - server implementations
> *need* to ignore SHOULDs in this spec. This seems not a good approach to
> protocol design.
> When HTTP makes a reboot of Priorities, we should be sure to address such
> scenarios or the outcome in the end will again be not-satisfactory to
> clients who need to shave off milliseconds on page paints.

This topic has been discussed a lot. I'd like to avoid retreading all of
that again (GitHub has a lot if you'd like to go spelunking). To keep it
succinct, the priority scheme is optimized for web page use case. The
recommendations about how servers schedule priority based on signals were
added to give clients some idea how their signals would be interpreted.
They are only hints, but knowing how the server is likely to react to those
hints is useful to clients so they can plan how to pick the values. To my
mind, server scheduling is ultimately going to need to be delegated to an
implementation detail; there's only so much we can say.

There are several scenarios where naively following the recommendations can
result in a bad situation for a server. Your websocket use case is a good
example. But that problem existed in the old RFC 7540 world too, just set
Exclusive on the never ending CONNECT stream. We can't spell out the entire
combination of ways that things can get hairy, the text warns of the
general problem manifest, and provides a recommendation to avoid it. I
don't see these things as conflicting as strongly as you suggest.

I don't follow your CSS example. Nowhere do we suggest that implementations
block other requests when there is nothing to send. If there is a high
priority request for a resource that is not available then a server that
doesn't utilise the available bandwidth for other resources is doing a bad
job. But that might depend on things like if a server uses a serialized /
HoL blocking interface to speak to the component where resources live.
Again I think that is an implementation point and we can't speak to it much.

I don't think we need to do anything more here but if you have a concrete
proposal for changes or additions then it would be good to review them.

Replacing H2's priority dependency tree with something simpler and defined
> for H2+H3 is very welcome. Thank you for the work put into this.

Thanks for taking the time to read and provide feedback!

> Kind Regards,
> Stefan

Received on Friday, 19 November 2021 03:21:59 UTC

This archive was generated by hypermail 2.4.0 : Friday, 19 November 2021 03:22:01 UTC