Web acceleration protocol nears completion

When it comes to speeding up Web traffic over the Internet, sometimes too much of a good thing may not be such a good thing at all.

The Internet Engineering Task Force is putting the final touches on HTTP/2, the second version of the Hypertext Transport Protocol (HTTP). The working group has issued a last call draft, urging interested parties to voice concerns before it becomes a full Internet specification.

Not everyone is completely satisfied with the protocol however.

“There is a lot of good in this proposed standard, but I have some deep reservations about some bad and ugly aspects of the protocol,” wrote Greg Wilkins, lead developer of the open source Jetty server software, noting his concerns in a blog item posted Monday.

Others, however, praise HTTP/2 and say it is long overdue.

“A lot of our users are experimenting with the protocol,” said Owen Garrett, head of products for server software provider NGINX. “The feedback is that generally, they have seen big performance benefits.”

First created by Web originator Tim Berners-Lee and associates, HTTP quite literally powers today’s Web, providing the language for a browser to request a Web page from a server.

Version 2.0 of HTTP, based largely on the SPDY protocol developed by Google, promises to be a better fit for how people use the Web.

“The challenge with HTTP is that it is a fairly simple protocol, and it can be quite laborious to download all the resources required to render a Web page. SPDY addresses this issue,” Garrett said.

While the first generation of Web sites were largely simple and relatively small, static documents, the Web today is used as a platform for delivering applications and bandwidth intensive real-time multimedia content.

HTTP/2 speeds basic HTTP in a number of ways. HTTP/2 allows servers to send all the different elements of a requested Web page at once, eliminating the serial sets of messages that have to be sent back and forth under plain HTTP.

HTTP/2 also allows the server and the browser to compress HTTP, which cuts the amount of data that needs to be communicated between the two.

As a result, HTTP/2 “is really useful for organization with sophisticated Web sites, particularly when its users are distributed globally or using slower networks—mobile users for instance,” Garrett said.

While enthusiastic about the protocol, Wilkins did have several areas of concern. For instance, HTTP/2 could make it more difficult to incorporate new Web protocols, most notably the communications protocol WebSocket, Wilkins asserted.

Wilkins noted that HTTP/2 blurs what were previously two distinct layers of HTTP—the semantic layer, which describes functionality, and the framework layer, which is the structure of the message. The idea is that it is simpler to write protocols for a specification with discrete layers.

The protocol also makes it possible to hide content, including malicious content, within the headers, bypassing the notice of today’s firewalls, Wilkins said.

HTTP/2 could also put a lot more strain on existing servers, Wilkins noted, given that they will now be fielding many more requests at once.

HTTP/2 “clients will send requests much more quickly, and it is quite likely you will see spikier traffic as a result,” Garrett agreed.

As a result, a Web application, if it doesn’t already rely on caching or load balancing, may have to do so with HTTP/2, Garrett said.

The SPDY protocol is already used by almost 1 percent of all the websites, according to an estimate of the W3techs survey company.

NGINX has been a big supporter of SPDY and HTTP/2, not surprising given that the company’s namesake server software was designed for high-traffic websites.

Approximately 88 percent of sites that offer SPDY do so with NGINX, according to W3techs.

Yet NGINX has characterized SPDY to its users as “experimental,” Garrett said, largely because the technology is still evolving and hasn’t been nailed down yet by the formal specification.

“We’re really forward to when the protocol is rubber-stamped,” Garrett said. Once HTTP/2 is approved, “We can recommend it to our customers with confidence,” Garrett said.

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies