Presentation material for TokyoRubyKaigi11.
Describes techniques used by H2O, including: techniques to optimize TCP for responsiveness, server-push and cache digests.
Architecting your WebRTC application for scalability, Arin Sime
This document discusses how to architect WebRTC applications for scalability. It begins by outlining some of the challenges in building scalable WebRTC apps. It then presents 4 approaches to building apps: 1) To the WebRTC standard, 2) Unbundled WebRTC, 3) Using open-source media servers, and 4) Using communications platform as a service (CPaaS). Each approach has tradeoffs around cost, difficulty, and features included. The document also discusses using selectice forwarding units or multipoint control units to scale apps and considers architectures using orchestration and containers. It concludes with recommendations around optimizations, load testing, and future technologies.
This document provides an overview of the Masakari project in OpenStack. Masakari is an instances high availability service that automatically recovers instances from failures. It aims to provide high availability for instances, especially for applications being migrated to the cloud. The document discusses Masakari's architecture, features, community, and how to get involved in contributing to the project.
Daniel Stenberg explains HTTP/3 and QUIC at GOTO 10, January 22, 2019. This is the slideset, see https://daniel.haxx.se/blog/2019/01/23/http-3-talk-on-video/ for the video.
HTTP/3 is the designated name for the coming next version of the protocol that is currently under development within the QUIC working group in the IETF.
HTTP/3 is designed to improve in areas where HTTP/2 still has some shortcomings, primarily by changing the transport layer. HTTP/3 is the first major protocol to step away from TCP and instead it uses QUIC.
Why the new protocols are deemed necessary, how they work, how they change how things are sent over the network and what some of the coming deployment challenges will be.
As you will see in this film, there are a lot of questions from an interested and educated audience.
Daniel Stenberg is the founder and lead developer of the curl project. He has worked on HTTP implementations for over twenty years. He has been involved in the HTTPbis working group in IETF for ten years and he worked with HTTP in Firefox for years before he left Mozilla. He participates in the QUIC working group and is the author of the widely read documents ”HTTP2 explained” and ”HTTP/3 explained”.
Trabajo de fin de Ciclo Formativo Grado Superior en Administración de Sistemas en red (ASIR/ASIX).
El trabajo consiste en un proyecto de virtualizacion de servidores para dar una alta disponibilidad (HA) mediante el sistema Proxmox. El servicio a dar en cuestión finalmente fue de un servidor proxy y web, por falta de tiempo y problemas con la configuración de Zentyal, fue imposible su instalación.
The document discusses protocols and the TCP/IP protocol suite. It describes protocols as mutually agreed upon conventions and rules that allow different computer systems to communicate. It introduces the concept of a layered protocol architecture with different layers providing services to upper layers. It then provides examples of the OSI reference model and the widely used TCP/IP protocol suite as standard protocol architectures. The TCP/IP model includes layers for applications, transport, internet, and network access. Key protocols discussed are IP, TCP, UDP, and several application layer protocols.
Backroll: Production Grade KVM Backup Solution Integrated in CloudStack
Backroll is not only a production-grade KVM backup solution. It is also being integrated inside Apache Cloudstack using the Backup and restore framework. Pierre and Quentin will show how it works, the feature list, and how the integration has been made.
Quentin is in charge of DIMSI custom developments on Apache Cloudstack deployment : customer portal, backup solution. On a daily basis, he helps our customers and our developers to use and embrace Devops methodology, by building CI/CD pipelines (GitLab, Azure Devops), dockerizing apps and automate things as much as possible... When not DevOps'ing, Quentin loves to binge watch series and movies, play with his cat "Boogie" and is a crazy fan of street food.
Grégoire is a software architect who spends most of his time designing infrastructure applications and CRM systems, on-premise or multi-cloud based. He’s been using Apache Cloudstack for many years, and likes to keep knowledge and data outside black-boxes Father of 4 children, you can meet him in Southern Brittany, sailing Hobbie Cat or supporting Lorient football club at Moustoir stadium.
Pierre is in charge of Backroll integration inside Cloudstack. Pierre has a proven track record of successful c# and Java projects. When not playing with his keyboard, Pierre is surfing, WingFoiling or bodyboarding on Brittany coast.
-----------------------------------------
CloudStack Collaboration Conference 2022 took place on 14th-16th November in Sofia, Bulgaria and virtually. The day saw a hybrid get-together of the global CloudStack community hosting 370 attendees. The event hosted 43 sessions from leading CloudStack experts, users and skilful engineers from the open-source world, which included: technical talks, user stories, new features and integrations presentations and more.
What CloudStackers Need To Know About LINSTOR/DRBD
Philipp explains the best performing Open Source software-defined storage software available to Apache CloudStack today. It consists of two well-concerted components. LINSTOR and DRBD. Each of them also has its independent use cases, where it is deployed alone. In this presentation, the combination of these two is examined. They form the control plane and the data plane of the SDS. We will touch on: Performance, scalability, hyper-convergence (data-locality for high IO performance), resiliency through data replication (synchronous within a site, 2-way, 3-way, or more), snapshots, backup (to S3), encryption at rest, deduplication, compression, placement policies (regarding failure domains), management CLI and webGUI, monitoring interface, self-healing (restoring redundancy after device/node failure), the federation of multiple sites (async mirroring and repeatedly snapshot difference shipping), QoS control (noisy neighbors limitation) and of course: complete integration with CloudStack for KVM guests. It is Open Source software following the Unix philosophy. Each component solves one task, made for maximal re-usability. The solution leverages the Linux kernel, LVM and/or ZFS, and many Open Source software libraries. Building on these giant Open Source foundations, not only saves LINBIT from re-inventing the wheels, it also empowers your day 2 operation teams since they are already familiar with these technologies.
Philipp Reisner is one of the founders and CEO of LINBIT in Vienna/Austria. He holds a Dipl.-Ing. (comparable to MSc) degree in computer science from Technical University in Vienna. His professional career has been dominated by developing DRBD, a storage replication software for Linux. While in the early years (2001) this was writing kernel code, today he leads a company of 30 employees with locations in Austria and the USA. LINBIT is an Open Source company offering enterprise-level support subscriptions for its Open Source technologies.
-----------------------------------------
CloudStack Collaboration Conference 2022 took place on 14th-16th November in Sofia, Bulgaria and virtually. The day saw a hybrid get-together of the global CloudStack community hosting 370 attendees. The event hosted 43 sessions from leading CloudStack experts, users and skilful engineers from the open-source world, which included: technical talks, user stories, new features and integrations presentations and more.
This document provides an overview of bandwidth estimation in the Janus WebRTC server. It discusses:
- The importance of bandwidth estimation and congestion control for real-time media like WebRTC.
- Challenges in applying existing bandwidth estimation algorithms designed for endpoints (like GCC) to servers that don't generate their own media.
- An approach taken in Janus to develop a simpler, ad-hoc bandwidth estimation technique for servers based on acknowledged rate, losses, and delays - without relying on existing complex standards-track algorithms.
This is the slide deck I presented at the first CommCon event in the UK: it goes through some of the possible strategies for scaling WebRTC applications, mostly if you're using Janus but not only.
This document discusses using Janus, an open-source WebRTC server, to facilitate access to Asterisk-based services from WebRTC. Janus acts as a gateway between legacy technologies like Asterisk and newer WebRTC technologies. It handles the WebRTC signaling and media processing, taking this load off of Asterisk. This allows Asterisk to focus on other tasks while Janus manages scaling of WebRTC services separately. Janus also provides benefits like supporting new WebRTC features that older systems like Asterisk 11/12 may not support yet.
Slides for the talk I made at the virtual edition of FOSDEM 2022, on how to use WHIP for WebRTC broadcasting ingestion, and how the distribution process could be done via WebRTC as well, e.g., via Janus (and the SOLEIL architecture).
Presentation from SCALE 17x (https://www.socallinuxexpo.org/scale/17x/presentations/fast-http-string-processing-algorithms):
There are binary optimizations in HTTP/2, so the protocol becomes less about string processing. However, strings, sometimes quite large like URI or Cookie, stil exists in HTTP. A typical program working with HTTP, must perform various string operations, e.g. tokenization, string matching, searching for a pattern etc. Classic computer science describe many string processing algorithms, but HTTP strings are special and specialized algorithms can improve performance of the strings processing in several times.
This talk describes:
* How HTTP flood may make you HTTP parser the bottleneck x86-64 issues with branch mispredictions, caching and unaligned memory access
* C compiler optimizations for multi-branch statements and autovectorization
* switch-driven finite state machines (FSM) versus direct jumps (e.g. Ragel)
* what makes HTTP strings special and why LIBC functions aren't good
* strspn()- and strcasecmp()-like algorithms for HTTP strings using SSE and AVX
* efficient custom filtering to prevent injection attacks using AVX
* the cost of FPU context switch and how the Linux kernel works with SIMD
* all the topics are illustrated with microbenchmarks
This document discusses media handling in FreeSWITCH. It covers topics like audio codecs, transcoding, codec negotiation, bypass media, proxy media, and Sangoma transcoding. The document provides details on common audio codecs supported by FreeSWITCH, how transcoding works in FreeSWITCH, codec negotiation algorithms, different media modes like bypass and proxy media, and Sangoma hardware transcoding cards. It aims to give an overview of key concepts around media and codecs in FreeSWITCH.
This document discusses using SIP and WebRTC together. It introduces Janus, an open-source WebRTC server with a modular plugin architecture. One plugin enables SIP gatewaying, allowing WebRTC clients to communicate with SIP networks without needing a SIP stack in the browser. The plugin handles SIP internally while exposing a simpler JSON API to clients. This avoids issues that could arise from putting SIP directly in the browser.
This document provides instructions for installing and configuring the FreeSWITCH open source telephony platform. It summarizes FreeSWITCH's capabilities as a PBX, softswitch, or media server. It then provides step-by-step instructions for downloading, compiling, and configuring a basic FreeSWITCH installation on Linux. It also demonstrates making calls between the FreeSWITCH server and a SIP softphone client.
Build a High Available NFS Cluster Based on CephFS - Shangzhong Zhu
This document discusses building a high availability NFS cluster based on CephFS. It first explains why NFS and CephFS are useful but have limitations. It then describes using multiple active NFS servers with CephFS for reliability, performance and scalability. The document outlines using the user-space NFS server NFS-Ganesha with CephFS and HA solutions like Pacemaker, CTDB and LVS to provide redundancy and load balancing. CTDB is highlighted for providing a clustered TDB database across NFS servers with virtual IPs and automatic failover.
The document discusses optimizations to TCP and HTTP/2 to improve responsiveness on the web. It describes how TCP slow start works and the delays introduced in standard HTTP/2 usage from TCP/TLS handshakes. The author proposes adjusting the TCP send buffer polling threshold to allow switching between responses more quickly based on TCP congestion window state. Benchmark results show this can reduce response times by eliminating an extra round-trip delay.
This document discusses programming TCP for responsiveness when sending HTTP/2 responses. It describes how to reduce head-of-line blocking by filling the TCP congestion window before sending data. The key points are reading TCP states via getsockopt to determine how much data can be sent immediately, and optimizing this only for high latency connections or small congestion windows to avoid additional response delays. Benchmarks show this approach can reduce response times from multiple round-trip times to a single RTT.
Linux HTTPS/TCP/IP Stack for the Fast and Secure Web
Presented at All Things Open 2018
Presented by Alexander Krizhanovsky with Tempesta Technologies INC
10/23/18 - 2:00 PM - Networking/Infrastructure Track
HTTP/2 and QUICK protocols. Optimizing the Web stack for HTTP/2 era
The new HTTP/2 protocol which is going to replace HTTP 1.1 was finished on February. Together with it, QUIC is being developed rapidly. Discover why are they so important for the Web and how will they influence the way we optimize the Web stack for the HTTP/2 era.
A technical description of http2, including background of HTTP what's been problematic with it and how http2 and its features improves the web.
See the "http2 explained" document with the complete transcript and more: http://daniel.haxx.se/http2/
(Updated version to slides shown on April 13th, 2016)
Talk about HTTP/2, how it has been deployed, did it meet its promises and how QUIC is going to attempt to fix some of the remaining issues. Held in FOSDEM at Febyrar 2017.
- HTTP/2 aims to reduce HTTP response times by improving bandwidth efficiency and reducing the number of connections and messages needed. It allows requests to be multiplexed over a single connection.
- While it can't reduce latency at the packet level, it aims to reduce overall response times through features like header compression, server push, and priority hints.
- HTTP/2 is currently supported by major browsers and servers. Implementations so far show response time reductions of 5-60% compared to HTTP/1.1.
Intilop Corporation is a pioneer in developing and providing ‘Customizable Silicon IP’ in the area of Networking, Network Security, data storage-SAN/NAS and embedded applications that allows customers to differentiate their products and make quick enhancements. Intilop and its customers have successfully implemented these in several ASICs, SOCs, FPGAs and full-scale systems.
The document introduces HTTP/2 and discusses limitations of HTTP 1.1 including head of line blocking, TCP slow start, and latency issues. It describes key features of HTTP/2 such as multiplexing requests over a single TCP connection, header compression, and server push to reduce page load times. The presentation includes demos of HTTP/2 in Chrome dev tools and Wireshark to troubleshoot HTTP/2 connections.
The web has dramatically evolved over the last 20+ years, yet HTTP - the workhorse of the Web - has not. Web developers have worked around HTTP's limitations, but:
--> Performance still falls short of full bandwidth utilization
--> Web design and maintenance are more complex
--> Resource consumption increases for client and server
--> Cacheability of resources suffers
HTTP/2 attempts to solve many of the shortcomings and inflexibilities of HTTP/1.1
This document provides instructions for upgrading a router's firmware and describes various router networking configuration options. It discusses upgrading firmware by dragging and dropping files, configuring NTP for time synchronization, using the router as a DNS server and cache, setting up DHCP for IP address leasing, implementing bandwidth management through speed limiting and queues, and using ARP for MAC address resolution.
This document provides a primer on browser networking. It begins with an introduction and overview of the target audience. The content includes an explanation of the TCP/IP network model and layers. Key aspects of TCP such as the three-way handshake, flow control, slow start, and head of line blocking are described. The history of web protocols like HTTP 0.9, HTTP 1.0, HTTP 1.1, and developments like HTTP 2.0, SPDY, and QUIC are summarized. Examples and diagrams are provided to illustrate concepts. Resources for further reading are included.
Are you tired of troubleshooting with TCPdump? The Avi Vantage Platform is here to help. Learn how you can reconsider your decades-old CPU-intensive logging tools – and gain intuitive, real-time analytics, faster time-to-resolution, modern SSL / TLS encryption, and (most importantly) happy IT teams focused on delivering applications.
Watch this Avi webinar to learn:
- Why TCPdump should be your tool of last resort
- How headers compressed with HTTP/2, PFS, and distributed systems have rendered certain tools useless
- How you can replace TCPdump with intelligent logs and analytics
- How to future proof your troubleshooting tools with HTTP/3, TLS 1.3, containers and Kubernetes
Watch on-demand here https://www.networkworld.com/resources/form?placement_id=de4979d3-4f46-498e-8285-2bdad91ca3fb&brand_id=512
Стек Linux HTTPS/TCP/IP для защиты от HTTP-DDoS-атак
В докладе рассказывается о расширении для стека протоколов TCP/IP в ОС Linux, которое необходимо для того, чтобы HTTPS работал в том же стеке, что TCP и IP. DDoS-атаки такого типа как HTTP-флуд на уровне приложений, как правило, подавляются HTTP-акселераторами или балансировщиками нагрузки HTTP. Однако интерфейс сокетов Linux, используемый программным обеспечением, не дает той продуктивности, которая необходима при предельных нагрузках, вызванных DDoS-атаками. HTTP-серверы на базе стеков TCP/IP в пространстве пользователя становятся популярными в связи с увеличением их эффективности, но стеки TCP/IP представляют собой масштабный и сложный код, поэтому неблагоразумно реализовывать и исполнять его дважды — в пространстве пользователя и пространстве ядра. Стек TCP/IP в пространстве ядра хорошо интегрирован со многими мощными инструментами, например IPTables, IPVS, tc, tcpdump, которые недоступны для стека TCP/IP в пространстве пользователя или требуют сложных интерфейсов. Докладчик представит решение Tempesta FW, которое передает обработку HTTPS ядру. HTTPS встроен в стек TCP/IP Linux. Исполняя функцию межсетевого экрана HTTP, Tempesta FW устанавливает набор ограничений по скорости передачи и набор эвристических правил для защиты от таких атак как HTTPS-флуд и Slow HTTP.
This document provides an introduction to IPv6 including a discussion of IPv6 addresses, headers, autoconfiguration, DNS, and the transition from IPv4. It describes key aspects of IPv6 such as the 128-bit addresses, extension headers, stateless address autoconfiguration, neighbor discovery, and duplicate address detection. The document also discusses DNS records for IPv6, transition technologies like dual-stack and tunneling, and some security considerations for IPv6 deployment.
This document summarizes a presentation about the QUIC protocol. It begins with an overview of QUIC and its goals of eliminating overhead from the strict layering of TCP, TLS, and HTTP. It then discusses problems with the traditional protocols like multiple roundtrips needed for HTTP requests, TCP handshake overhead, and inefficient usage of bandwidth. QUIC aims to address these by being UDP-based and combining connection establishment and encryption with sending and receiving data in one roundtrip or less. The presentation also covers how prior protocols like SPDY and HTTP/2 improved performance but were still bottlenecked by relying on TCP. It concludes with an explanation of bufferbloat and how excessive buffering in network nodes can increase latency and jitter.
RTBkit Meetup - Developer Spotlight, Behind the Scenes of RTBkit and Intro to...
This virtual meetup covered several topics related to RTBkit:
1. The developer spotlight featured Nicolas Emiliani, the RTB dev team lead at Motrixi, discussing getting an RTBKit installation running.
2. Attendees learned about Motrixi's traffic which includes up to 40k queries per second from US and Canada connected to several exchanges.
3. The meetup discussed isolating the RTBKit stack using a reverse proxy, important kernel parameters, and transitioning to HTTP interfaces for RTBkit 2.0.
The document discusses the performance of HTTP/2 compared to HTTP/1.1 across different network conditions. It summarizes results from testing 8 real websites under 16 bandwidth and latency combinations with varying packet loss rates. Overall, HTTP/2 performs better for document complete time and speed index, especially on slower connections, though results vary depending on the specific site and metrics measured.
Cloud-init is a set of services that handles early initialization and configuration of virtual machines. It retrieves user-data and metadata from cloud providers to customize VMs during boot. Cloud-init runs in stages, starting with network setup and continuing through configuration and finalization. It supports various data sources like CloudStack and ConfigDrive and runs modules specified in /etc/cloud/cloud.cfg to perform tasks like package installation, user management, and more.
These are the slides for the presentation I shared at the virtual edition of IIT-RTC 2022. I talked about how cascading/scalability worked with Janus 0.x, and what steps we've taken to do the same for 1.x (multistream) as well. In particular, the focus is on the new integrated cascading support in the VideoRoom plugin.
Architecting your WebRTC application for scalability, Arin SimeAlan Quayle
This document discusses how to architect WebRTC applications for scalability. It begins by outlining some of the challenges in building scalable WebRTC apps. It then presents 4 approaches to building apps: 1) To the WebRTC standard, 2) Unbundled WebRTC, 3) Using open-source media servers, and 4) Using communications platform as a service (CPaaS). Each approach has tradeoffs around cost, difficulty, and features included. The document also discusses using selectice forwarding units or multipoint control units to scale apps and considers architectures using orchestration and containers. It concludes with recommendations around optimizations, load testing, and future technologies.
This document provides an overview of the Masakari project in OpenStack. Masakari is an instances high availability service that automatically recovers instances from failures. It aims to provide high availability for instances, especially for applications being migrated to the cloud. The document discusses Masakari's architecture, features, community, and how to get involved in contributing to the project.
Daniel Stenberg explains HTTP/3 and QUIC at GOTO 10, January 22, 2019. This is the slideset, see https://daniel.haxx.se/blog/2019/01/23/http-3-talk-on-video/ for the video.
HTTP/3 is the designated name for the coming next version of the protocol that is currently under development within the QUIC working group in the IETF.
HTTP/3 is designed to improve in areas where HTTP/2 still has some shortcomings, primarily by changing the transport layer. HTTP/3 is the first major protocol to step away from TCP and instead it uses QUIC.
Why the new protocols are deemed necessary, how they work, how they change how things are sent over the network and what some of the coming deployment challenges will be.
As you will see in this film, there are a lot of questions from an interested and educated audience.
Daniel Stenberg is the founder and lead developer of the curl project. He has worked on HTTP implementations for over twenty years. He has been involved in the HTTPbis working group in IETF for ten years and he worked with HTTP in Firefox for years before he left Mozilla. He participates in the QUIC working group and is the author of the widely read documents ”HTTP2 explained” and ”HTTP/3 explained”.
Trabajo de fin de Ciclo Formativo Grado Superior en Administración de Sistemas en red (ASIR/ASIX).
El trabajo consiste en un proyecto de virtualizacion de servidores para dar una alta disponibilidad (HA) mediante el sistema Proxmox. El servicio a dar en cuestión finalmente fue de un servidor proxy y web, por falta de tiempo y problemas con la configuración de Zentyal, fue imposible su instalación.
The document discusses protocols and the TCP/IP protocol suite. It describes protocols as mutually agreed upon conventions and rules that allow different computer systems to communicate. It introduces the concept of a layered protocol architecture with different layers providing services to upper layers. It then provides examples of the OSI reference model and the widely used TCP/IP protocol suite as standard protocol architectures. The TCP/IP model includes layers for applications, transport, internet, and network access. Key protocols discussed are IP, TCP, UDP, and several application layer protocols.
Backroll: Production Grade KVM Backup Solution Integrated in CloudStackShapeBlue
Backroll is not only a production-grade KVM backup solution. It is also being integrated inside Apache Cloudstack using the Backup and restore framework. Pierre and Quentin will show how it works, the feature list, and how the integration has been made.
Quentin is in charge of DIMSI custom developments on Apache Cloudstack deployment : customer portal, backup solution. On a daily basis, he helps our customers and our developers to use and embrace Devops methodology, by building CI/CD pipelines (GitLab, Azure Devops), dockerizing apps and automate things as much as possible... When not DevOps'ing, Quentin loves to binge watch series and movies, play with his cat "Boogie" and is a crazy fan of street food.
Grégoire is a software architect who spends most of his time designing infrastructure applications and CRM systems, on-premise or multi-cloud based. He’s been using Apache Cloudstack for many years, and likes to keep knowledge and data outside black-boxes Father of 4 children, you can meet him in Southern Brittany, sailing Hobbie Cat or supporting Lorient football club at Moustoir stadium.
Pierre is in charge of Backroll integration inside Cloudstack. Pierre has a proven track record of successful c# and Java projects. When not playing with his keyboard, Pierre is surfing, WingFoiling or bodyboarding on Brittany coast.
-----------------------------------------
CloudStack Collaboration Conference 2022 took place on 14th-16th November in Sofia, Bulgaria and virtually. The day saw a hybrid get-together of the global CloudStack community hosting 370 attendees. The event hosted 43 sessions from leading CloudStack experts, users and skilful engineers from the open-source world, which included: technical talks, user stories, new features and integrations presentations and more.
What CloudStackers Need To Know About LINSTOR/DRBDShapeBlue
Philipp explains the best performing Open Source software-defined storage software available to Apache CloudStack today. It consists of two well-concerted components. LINSTOR and DRBD. Each of them also has its independent use cases, where it is deployed alone. In this presentation, the combination of these two is examined. They form the control plane and the data plane of the SDS. We will touch on: Performance, scalability, hyper-convergence (data-locality for high IO performance), resiliency through data replication (synchronous within a site, 2-way, 3-way, or more), snapshots, backup (to S3), encryption at rest, deduplication, compression, placement policies (regarding failure domains), management CLI and webGUI, monitoring interface, self-healing (restoring redundancy after device/node failure), the federation of multiple sites (async mirroring and repeatedly snapshot difference shipping), QoS control (noisy neighbors limitation) and of course: complete integration with CloudStack for KVM guests. It is Open Source software following the Unix philosophy. Each component solves one task, made for maximal re-usability. The solution leverages the Linux kernel, LVM and/or ZFS, and many Open Source software libraries. Building on these giant Open Source foundations, not only saves LINBIT from re-inventing the wheels, it also empowers your day 2 operation teams since they are already familiar with these technologies.
Philipp Reisner is one of the founders and CEO of LINBIT in Vienna/Austria. He holds a Dipl.-Ing. (comparable to MSc) degree in computer science from Technical University in Vienna. His professional career has been dominated by developing DRBD, a storage replication software for Linux. While in the early years (2001) this was writing kernel code, today he leads a company of 30 employees with locations in Austria and the USA. LINBIT is an Open Source company offering enterprise-level support subscriptions for its Open Source technologies.
-----------------------------------------
CloudStack Collaboration Conference 2022 took place on 14th-16th November in Sofia, Bulgaria and virtually. The day saw a hybrid get-together of the global CloudStack community hosting 370 attendees. The event hosted 43 sessions from leading CloudStack experts, users and skilful engineers from the open-source world, which included: technical talks, user stories, new features and integrations presentations and more.
This document provides an overview of bandwidth estimation in the Janus WebRTC server. It discusses:
- The importance of bandwidth estimation and congestion control for real-time media like WebRTC.
- Challenges in applying existing bandwidth estimation algorithms designed for endpoints (like GCC) to servers that don't generate their own media.
- An approach taken in Janus to develop a simpler, ad-hoc bandwidth estimation technique for servers based on acknowledged rate, losses, and delays - without relying on existing complex standards-track algorithms.
This is the slide deck I presented at the first CommCon event in the UK: it goes through some of the possible strategies for scaling WebRTC applications, mostly if you're using Janus but not only.
This document discusses using Janus, an open-source WebRTC server, to facilitate access to Asterisk-based services from WebRTC. Janus acts as a gateway between legacy technologies like Asterisk and newer WebRTC technologies. It handles the WebRTC signaling and media processing, taking this load off of Asterisk. This allows Asterisk to focus on other tasks while Janus manages scaling of WebRTC services separately. Janus also provides benefits like supporting new WebRTC features that older systems like Asterisk 11/12 may not support yet.
Slides for the talk I made at the virtual edition of FOSDEM 2022, on how to use WHIP for WebRTC broadcasting ingestion, and how the distribution process could be done via WebRTC as well, e.g., via Janus (and the SOLEIL architecture).
Presentation from SCALE 17x (https://www.socallinuxexpo.org/scale/17x/presentations/fast-http-string-processing-algorithms):
There are binary optimizations in HTTP/2, so the protocol becomes less about string processing. However, strings, sometimes quite large like URI or Cookie, stil exists in HTTP. A typical program working with HTTP, must perform various string operations, e.g. tokenization, string matching, searching for a pattern etc. Classic computer science describe many string processing algorithms, but HTTP strings are special and specialized algorithms can improve performance of the strings processing in several times.
This talk describes:
* How HTTP flood may make you HTTP parser the bottleneck x86-64 issues with branch mispredictions, caching and unaligned memory access
* C compiler optimizations for multi-branch statements and autovectorization
* switch-driven finite state machines (FSM) versus direct jumps (e.g. Ragel)
* what makes HTTP strings special and why LIBC functions aren't good
* strspn()- and strcasecmp()-like algorithms for HTTP strings using SSE and AVX
* efficient custom filtering to prevent injection attacks using AVX
* the cost of FPU context switch and how the Linux kernel works with SIMD
* all the topics are illustrated with microbenchmarks
This document discusses media handling in FreeSWITCH. It covers topics like audio codecs, transcoding, codec negotiation, bypass media, proxy media, and Sangoma transcoding. The document provides details on common audio codecs supported by FreeSWITCH, how transcoding works in FreeSWITCH, codec negotiation algorithms, different media modes like bypass and proxy media, and Sangoma hardware transcoding cards. It aims to give an overview of key concepts around media and codecs in FreeSWITCH.
This document discusses using SIP and WebRTC together. It introduces Janus, an open-source WebRTC server with a modular plugin architecture. One plugin enables SIP gatewaying, allowing WebRTC clients to communicate with SIP networks without needing a SIP stack in the browser. The plugin handles SIP internally while exposing a simpler JSON API to clients. This avoids issues that could arise from putting SIP directly in the browser.
This document provides instructions for installing and configuring the FreeSWITCH open source telephony platform. It summarizes FreeSWITCH's capabilities as a PBX, softswitch, or media server. It then provides step-by-step instructions for downloading, compiling, and configuring a basic FreeSWITCH installation on Linux. It also demonstrates making calls between the FreeSWITCH server and a SIP softphone client.
Build a High Available NFS Cluster Based on CephFS - Shangzhong ZhuCeph Community
This document discusses building a high availability NFS cluster based on CephFS. It first explains why NFS and CephFS are useful but have limitations. It then describes using multiple active NFS servers with CephFS for reliability, performance and scalability. The document outlines using the user-space NFS server NFS-Ganesha with CephFS and HA solutions like Pacemaker, CTDB and LVS to provide redundancy and load balancing. CTDB is highlighted for providing a clustered TDB database across NFS servers with virtual IPs and automatic failover.
The document discusses optimizations to TCP and HTTP/2 to improve responsiveness on the web. It describes how TCP slow start works and the delays introduced in standard HTTP/2 usage from TCP/TLS handshakes. The author proposes adjusting the TCP send buffer polling threshold to allow switching between responses more quickly based on TCP congestion window state. Benchmark results show this can reduce response times by eliminating an extra round-trip delay.
This document discusses programming TCP for responsiveness when sending HTTP/2 responses. It describes how to reduce head-of-line blocking by filling the TCP congestion window before sending data. The key points are reading TCP states via getsockopt to determine how much data can be sent immediately, and optimizing this only for high latency connections or small congestion windows to avoid additional response delays. Benchmarks show this approach can reduce response times from multiple round-trip times to a single RTT.
Linux HTTPS/TCP/IP Stack for the Fast and Secure WebAll Things Open
Presented at All Things Open 2018
Presented by Alexander Krizhanovsky with Tempesta Technologies INC
10/23/18 - 2:00 PM - Networking/Infrastructure Track
HTTP/2 and QUICK protocols. Optimizing the Web stack for HTTP/2 erapeychevi
The new HTTP/2 protocol which is going to replace HTTP 1.1 was finished on February. Together with it, QUIC is being developed rapidly. Discover why are they so important for the Web and how will they influence the way we optimize the Web stack for the HTTP/2 era.
A technical description of http2, including background of HTTP what's been problematic with it and how http2 and its features improves the web.
See the "http2 explained" document with the complete transcript and more: http://daniel.haxx.se/http2/
(Updated version to slides shown on April 13th, 2016)
Talk about HTTP/2, how it has been deployed, did it meet its promises and how QUIC is going to attempt to fix some of the remaining issues. Held in FOSDEM at Febyrar 2017.
- HTTP/2 aims to reduce HTTP response times by improving bandwidth efficiency and reducing the number of connections and messages needed. It allows requests to be multiplexed over a single connection.
- While it can't reduce latency at the packet level, it aims to reduce overall response times through features like header compression, server push, and priority hints.
- HTTP/2 is currently supported by major browsers and servers. Implementations so far show response time reductions of 5-60% compared to HTTP/1.1.
Intilop Corporation is a pioneer in developing and providing ‘Customizable Silicon IP’ in the area of Networking, Network Security, data storage-SAN/NAS and embedded applications that allows customers to differentiate their products and make quick enhancements. Intilop and its customers have successfully implemented these in several ASICs, SOCs, FPGAs and full-scale systems.
The document introduces HTTP/2 and discusses limitations of HTTP 1.1 including head of line blocking, TCP slow start, and latency issues. It describes key features of HTTP/2 such as multiplexing requests over a single TCP connection, header compression, and server push to reduce page load times. The presentation includes demos of HTTP/2 in Chrome dev tools and Wireshark to troubleshoot HTTP/2 connections.
The web has dramatically evolved over the last 20+ years, yet HTTP - the workhorse of the Web - has not. Web developers have worked around HTTP's limitations, but:
--> Performance still falls short of full bandwidth utilization
--> Web design and maintenance are more complex
--> Resource consumption increases for client and server
--> Cacheability of resources suffers
HTTP/2 attempts to solve many of the shortcomings and inflexibilities of HTTP/1.1
This document provides instructions for upgrading a router's firmware and describes various router networking configuration options. It discusses upgrading firmware by dragging and dropping files, configuring NTP for time synchronization, using the router as a DNS server and cache, setting up DHCP for IP address leasing, implementing bandwidth management through speed limiting and queues, and using ARP for MAC address resolution.
This document provides a primer on browser networking. It begins with an introduction and overview of the target audience. The content includes an explanation of the TCP/IP network model and layers. Key aspects of TCP such as the three-way handshake, flow control, slow start, and head of line blocking are described. The history of web protocols like HTTP 0.9, HTTP 1.0, HTTP 1.1, and developments like HTTP 2.0, SPDY, and QUIC are summarized. Examples and diagrams are provided to illustrate concepts. Resources for further reading are included.
Reconsider TCPdump for Modern TroubleshootingAvi Networks
Are you tired of troubleshooting with TCPdump? The Avi Vantage Platform is here to help. Learn how you can reconsider your decades-old CPU-intensive logging tools – and gain intuitive, real-time analytics, faster time-to-resolution, modern SSL / TLS encryption, and (most importantly) happy IT teams focused on delivering applications.
Watch this Avi webinar to learn:
- Why TCPdump should be your tool of last resort
- How headers compressed with HTTP/2, PFS, and distributed systems have rendered certain tools useless
- How you can replace TCPdump with intelligent logs and analytics
- How to future proof your troubleshooting tools with HTTP/3, TLS 1.3, containers and Kubernetes
Watch on-demand here https://www.networkworld.com/resources/form?placement_id=de4979d3-4f46-498e-8285-2bdad91ca3fb&brand_id=512
В докладе рассказывается о расширении для стека протоколов TCP/IP в ОС Linux, которое необходимо для того, чтобы HTTPS работал в том же стеке, что TCP и IP. DDoS-атаки такого типа как HTTP-флуд на уровне приложений, как правило, подавляются HTTP-акселераторами или балансировщиками нагрузки HTTP. Однако интерфейс сокетов Linux, используемый программным обеспечением, не дает той продуктивности, которая необходима при предельных нагрузках, вызванных DDoS-атаками. HTTP-серверы на базе стеков TCP/IP в пространстве пользователя становятся популярными в связи с увеличением их эффективности, но стеки TCP/IP представляют собой масштабный и сложный код, поэтому неблагоразумно реализовывать и исполнять его дважды — в пространстве пользователя и пространстве ядра. Стек TCP/IP в пространстве ядра хорошо интегрирован со многими мощными инструментами, например IPTables, IPVS, tc, tcpdump, которые недоступны для стека TCP/IP в пространстве пользователя или требуют сложных интерфейсов. Докладчик представит решение Tempesta FW, которое передает обработку HTTPS ядру. HTTPS встроен в стек TCP/IP Linux. Исполняя функцию межсетевого экрана HTTP, Tempesta FW устанавливает набор ограничений по скорости передачи и набор эвристических правил для защиты от таких атак как HTTPS-флуд и Slow HTTP.
This document provides an introduction to IPv6 including a discussion of IPv6 addresses, headers, autoconfiguration, DNS, and the transition from IPv4. It describes key aspects of IPv6 such as the 128-bit addresses, extension headers, stateless address autoconfiguration, neighbor discovery, and duplicate address detection. The document also discusses DNS records for IPv6, transition technologies like dual-stack and tunneling, and some security considerations for IPv6 deployment.
This document summarizes a presentation about the QUIC protocol. It begins with an overview of QUIC and its goals of eliminating overhead from the strict layering of TCP, TLS, and HTTP. It then discusses problems with the traditional protocols like multiple roundtrips needed for HTTP requests, TCP handshake overhead, and inefficient usage of bandwidth. QUIC aims to address these by being UDP-based and combining connection establishment and encryption with sending and receiving data in one roundtrip or less. The presentation also covers how prior protocols like SPDY and HTTP/2 improved performance but were still bottlenecked by relying on TCP. It concludes with an explanation of bufferbloat and how excessive buffering in network nodes can increase latency and jitter.
RTBkit Meetup - Developer Spotlight, Behind the Scenes of RTBkit and Intro to...Datacratic
This virtual meetup covered several topics related to RTBkit:
1. The developer spotlight featured Nicolas Emiliani, the RTB dev team lead at Motrixi, discussing getting an RTBKit installation running.
2. Attendees learned about Motrixi's traffic which includes up to 40k queries per second from US and Canada connected to several exchanges.
3. The meetup discussed isolating the RTBKit stack using a reverse proxy, important kernel parameters, and transitioning to HTTP interfaces for RTBkit 2.0.
Similar to Developing the fastest HTTP/2 server (20)
The document discusses the performance of HTTP/2 compared to HTTP/1.1 across different network conditions. It summarizes results from testing 8 real websites under 16 bandwidth and latency combinations with varying packet loss rates. Overall, HTTP/2 performs better for document complete time and speed index, especially on slower connections, though results vary depending on the specific site and metrics measured.
Cache aware-server-push in H2O version 1.5Kazuho Oku
This document discusses cache-aware server push in H2O version 1.5. It describes calculating a fingerprint of cached assets using a Golomb compressed set to identify what assets need to be pushed from the server. It also discusses implementing this fingerprint using a cookie or service worker. The hybrid approach stores responses in the service worker cache and updates the cookie fingerprint. H2O 1.5 implements cookie-based fingerprints to cancel push indications for cached assets, potentially improving page load speeds.
JSON SQL Injection and the Lessons LearnedKazuho Oku
This document discusses JSON SQL injection and lessons learned from vulnerabilities in SQL query builders. It describes how user-supplied JSON input containing operators instead of scalar values could manipulate queries by injecting conditions like id!='-1' instead of a specific id value. This allows accessing unintended data. The document examines how SQL::QueryMaker and a strict mode in SQL::Maker address this by restricting query parameters to special operator objects or raising errors on non-scalar values. While helpful, strict mode may break existing code, requiring changes to parameter handling. The vulnerability also applies to other languages' frameworks that similarly convert arrays to SQL IN clauses.
This document discusses using the prove command-line tool to run tests and other scripts. Prove is a test runner that uses the Test Anything Protocol (TAP) to aggregate results. It can run tests and scripts written in any language by specifying the interpreter with --exec. Extensions other than .t can be run by setting --ext. Prove searches for tests in the t/ directory by default but can run any kind of scripts or tasks placed in t/, such as service monitoring scripts. The .proverc file can save common prove options for a project.
JSX - developing a statically-typed programming language for the WebKazuho Oku
Kazuho Oku presents JSX, a statically-typed programming language that compiles to JavaScript. JSX aims to improve productivity over JavaScript by enabling errors to be caught at compile-time rather than runtime. It also aims to optimize code size and execution speed compared to JavaScript through type information and compiler optimizations. Oku discusses JSX language features like classes and types, benchmarks showing improved performance over JavaScript, and efforts to bind JSX to W3C standards through automatic translation of interface definition languages.
The document discusses the JSX Optimizer, which performs optimizations on JavaScript code that JavaScript VMs cannot. It aims to minimize the need for inline caching, pressure on the garbage collector, and maintain the original code structure while optimizing. Some optimizations included are constant folding, inlining functions, and unboxing. Challenges include switching to SSA form and maintaining debuggability of the original code. Benchmark results show a 13.5-28.7% increase in frames per second for the Box2D game engine.
Have you ever built a sandcastle at the beach, only to see it crumble when the tide comes in? In the digital world, our information is like that sandcastle, constantly under threat from waves of cyberattacks. A cybersecurity course is like learning to build a fortress for your information!
This course will teach you how to protect yourself from sneaky online characters who might try to steal your passwords, photos, or even mess with your computer. You'll learn about things like:
* **Spotting online traps:** Phishing emails that look real but could steal your info, and websites that might be hiding malware (like tiny digital monsters).
* **Building strong defenses:** Creating powerful passwords and keeping your software up-to-date, like putting a big, strong lock on your digital door.
* **Fighting back (safely):** Learning how to identify and avoid threats, and what to do if something does go wrong.
By the end of this course, you'll be a cybersecurity champion, ready to defend your digital world and keep your information safe and sound!
10th International Conference on Networks, Mobile Communications and Telema...ijp2p
10th International Conference on Networks, Mobile Communications and
Telematics (NMOCT 2024)
Scope
10th International Conference on Networks, Mobile Communications and Telematics (NMOCT 2024) is a forum for presenting new advances and research results in the fields of Network, Mobile communications, and Telematics. The aim of the conference is to provide a platform to the researchers and practitioners from both academia as well as industry to meet and share cutting-edge development in the field.
Authors are solicited to contribute to the conference by submitting articles that illustrate research results, projects, surveying works, and industrial experiences that describe significant advances in the following areas but are not limited to.
Topics of interest include, but are not limited to, the following:
Mobile Communications and Telematics Mobile Network Management and Service Infrastructure Mobile Computing Integrated Mobile Marketing Communications Efficacy of Mobile Communications Mobile Communication Applications Critical Success Factors for Mobile Communication Diffusion Metric Mobile Business Enterprise Mobile Communication Security Issues and Requirements Mobile and Handheld Devices in the Education Telematics Tele-Learning Privacy and Security in Mobile Computing and Wireless Systems Cross-Cultural Mobile Communication Issues Integration and Interworking of Wired and Wireless Networks Location Management for Mobile Communications Distributed Systems Aspects of Mobile Computing Next Generation Internet Next Generation Web Architectures Network Operations and Management Adhoc and Sensor Networks Internet and Web Applications Ubiquitous Networks Wireless Multimedia Systems Wireless Communications
Heterogeneous Wireless Networks Operating System and Middleware Support for Mobile Computing Interaction and Integration in Mobile Communications Business Models for Mobile Communications E-Commerce & E-Governance
Nomadic and Portable Communication Wireless Information Assurance Mobile Multimedia Architecture and Network Management Mobile Multimedia Network Traffic Engineering & Optimization Mobile Multimedia Infrastructure Developments Mobile Multimedia Markets & Business Models Personalization, Privacy and Security in Mobile Multimedia Mobile Computing Software Architectures Network & Communications Network Protocols & Wireless Networks Network Architectures High Speed Networks Routing, Switching and Addressing Techniques Measurement and Performance Analysis Peer To Peer and Overlay Networks QOS and Resource Management Network-Based Applications Network Security Self-organizing networks and Networked Systems Mobile & Broadband Wireless Internet Recent Trends & Developments in Computer Networks
Paper Submission
Authors are invited to submit papers through the conference Submission System by July 06, 2024. Submissions must be original and
Jarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirtsexgf28
Jarren Duran Fuck EM T shirts
https://www.pinterest.com/youngtshirt/jarren-duran-fuck-em-t-shirts/
Happy to Pay Fine for Expletive shirt,Happy to Pay Fine for Expletive T shirts,Jarren Duran Fuck EM T shirts Grabs yours today. tag and share who loves it.
Megalive99 Situs Betting Online Gacor TerpercayaMegalive99
Megalive99 telah menetapkan standar tinggi untuk platform taruhan online. Berbagai macam permainan, desain ramah pengguna, dan transaksi aman menjadikannya pilihan utama para petaruh.
2. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Who am I?
n Kazuho Oku
n Major works:
⁃ Palmscape / Xiino (web browser for Palm OS)
• awarded M.I.T. TR 100/2002
⁃ Mitoh project 2004 super creator
⁃ Q4M (message queue plugin for MySQL)
• MySQL Conference Community Awards 2011
⁃ H2O (HTTP/2 server)
• Japan OSS Contribution Award 2015
2 Developing the fastest HTTP/2 server
13. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
The reasons HTTP/1.1 is slow
n concurrency is too small
⁃ multiple round-trips required when issuing many
requests
n no prioritization between. requests
⁃ can suspend HTML / image streams in favor of
CSS / JS
n big request / response headers
⁃ typically hundreds of octets
⁃ becomes an overhead when issuing many reqs.
13 Developing the fastest HTTP/2 server
18. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
TCP slow start
n Initial Congestion Window (IW)=10
⁃ only 10 packets can be sent in first RTT
⁃ used to be IW=3
n window increase: 1.5x/RTT
18 Developing the fastest HTTP/2 server
0
100,000
200,000
300,000
400,000
500,000
600,000
700,000
800,000
1 2 3 4 5 6 7 8
bytes transmi,ed
RTT
TCP slow start (IW10, MSS1460)
19. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Flow of the ideal HTTP
n fastest within the limits of TCP/IP
n receive a request 0-RTT, and:
⁃ first send CSS/JS*
⁃ then send the HTML
⁃ then send the images*
*: but only the ones not cached by the browser
19 Developing the fastest HTTP/2 server
client server
1 RTT
request
response
20. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
The reality in HTTP/2
n TCP establishment: +1 RTT
n TLS handshake: +2 RTT*
n HTML fetch: +1 RTT
n JS,CSS fetch: +2 RTT**
n Total: 6 RTT
*: 1 RTT on reconnection
**: servers often cannot switch to sending JS,CSS
instantly, due to the output buffered in TCP send buffer
20 Developing the fastest HTTP/2 server
client server
1 RTT
TCP SYN
TCP SYNACK
TLS Handshake
TLS Handshake
TLS Handshake
TLS Handshake
GET /
HTML
GET css,js
css, js
〜〜
24. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Typical sequence of HTTP/2
24 Developing the fastest HTTP/2 server
HTTP/2 200 OK
<!DOCTYPE HTML>
…
<SCRIPT SRC=”jquery.js”>
…
client server
GET /
GET /jquery.js
need to switch sending from HTML
to JS at this very moment
(means that amount of data sent in
* must be smaller than IW)
1 RTT
*
25. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Buffering in TCP and TLS layer
25 Developing the fastest HTTP/2 server
TCP send buffer
CWND
unacked poll threshold
BIO buf.
// ordinary code (non-blocking)
while (SSL_write(…) != SSL_ERR_WANT_WRITE)
;
TLS Records
sent immediately not immediately sent
HTTP/2 frames
26. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Why do we have buffers?
26 Developing the fastest HTTP/2 server
n TCP send buffer:
⁃ reduce ping-pong bet. kernel and application
n BIO buffer:
⁃ for data that couldnʼt be stored in TCP send buffer
TCP send buffer
CWND
unacked poll threshold
BIO buf.
TLS Records
sent immediately not immediately sent
HTTP/2 frames
28. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Adjust poll threshold
28 Developing the fastest HTTP/2 server
TCP send buffer
CWND
unacked poll threshold
n set poll threshold to the end of CWND?
⁃ setsockopt(TCP_NOTSENT_LOWAT)
⁃ in linux, the minimum is CWND + 1 octet
• becomes unstable when set to CWND + 0
TLS Records
sent immediately not immediately sent
HTTP/2 frames
30. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Further improvement: read TCP states
30 Developing the fastest HTTP/2 server
CWND
unacked poll threshold
// calc size of data to send by calling getsockopt(TCP_INFO)
if (poll_for_write(fd) == SOCKET_IS_READY) {
capacity = CWND + unacked + ONE_MSS - TLS_overhead;
SSL_write(prepare_http2_frames(capacity));
}
TLS Records
sent immediately not immediately sent
HTTP/2 frames
TCP send buffer
31. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Issues in the proposed approach
n increased delay bet. ACK recv. → data send
⁃ leads to slower peak speed
⁃ reason:
• traditional approach: completes within kernel
• this approach: application needs to be notified to
generate new data
n solution:
⁃ use the approach only when necessary
• i.e. when RTT is big and CWND is small
• increased delay can be ignored if: delay << RTT
31 Developing the fastest HTTP/2 server
32. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Code for calculating size of data to send
size_t get_suggested_write_size() {
getsockopt(fd, IPPROTO_TCP, TCP_INFO, &tcp_info, sizeof(tcp_info));
if (tcp_info.tcpi_rtt < min_rtt || tcp_info.tcpi_snd_cwnd > max_cwnd)
return UNKNOWN;
switch (SSL_get_current_cipher(ssl)->id) {
case TLS1_CK_RSA_WITH_AES_128_GCM_SHA256:
case …:
tls_overhead = 5 + 8 + 16;
break;
default:
return UNKNOWN;
}
packets_sendable = tcp_info.tcpi_snd_cwnd > tcp_info.tcpi_unacked ?
tcp_info.tcpi_snd_cwnd - tcp_info.tcpi_unacked : 0;
return (packets_sendable + 1) * (tcp_info.tcpi_snd_mss - tls_overhead);
}
32 Developing the fastest HTTP/2 server
35. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Same problem exists with load balancers
n L4 L/B or TLS terminator also act as buffers
⁃ impact bigger than that of TCP send buffer of
httpd
n solution:
⁃ best: donʼt use L/B
⁃ next to best: implement mitigations in L/B
⁃ long-term: TCP migration + L3 NAT or DSR
• i.e. accept in L/B, then transfer the connection to
HTTP/2 server
35 Developing the fastest HTTP/2 server
38. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Use-case: conceal request process time
n ex. RTT=50ms, process time=200ms
38 Developing the fastest HTTP/2 server
req.
process request
push-asset
HTML
push-asset
push-asset
push-asset
req.
process request
asset
HTML
asset
asset
asset
req.
450ms (5 RTT + processing =me)
250ms (1 RTT + processing =me)
without push with push
39. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Use-case: conceal network distance
n CDNsʼ use-case
⁃ utilize the conn. while waiting for app. response
⁃ side-effect: reduce the number of app DCs
39 Developing the fastest HTTP/2 server
req.
push-asset
HTML
push-asset
push-asset
push-asset
client edge server (CDN) app. server
req.
HTML
40. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Issues of server-push
n how to determine if a resource is already cached
⁃ shouldnʼt push a resource already in cache
• waste of bandwidth (and time)
⁃ canʼt issue a request to identify the cache state
• since it would waste 1 RTT we are trying to reduce!
40 Developing the fastest HTTP/2 server
41. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Cache-aware server push
n experimental feature since H2O 1.5
n create a digest of URLs found in browser cache
⁃ uses Golomb coded sets
• space-efficient variant of bloom filter
n server uses the digest to determine whether or not
to push
41 Developing the fastest HTTP/2 server
42. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Memo: fresh vs. stale
n two states of a cached resource
n fresh:
⁃ resource that can be used
⁃ example: Expires: Jan 1 2030
n stale:
⁃ needs revalidation before use
• i.e. issue GET with if-modified-since
42 Developing the fastest HTTP/2 server
43. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Generating a digest
1. calc hashcode of URLs of every fresh cache
⁃ range: 0 .. #-of-URL / false-positive-rate
2. sort the hashcodes, remove duplicates
3. emit the first element using the following encoding:
1. “value * FPR” using unary coding
2. “value mod (1/false-positive-rate)” using binary
coding
4. for every other element, emit the delta from
preceding element subtracted by one using the
encoding
5. pad 1 up to the byte boundary
43 Developing the fastest HTTP/2 server
44. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Generating a digest
n scenario:
⁃ FPR: 1/256
⁃ URLs of fresh resources in cache:
• https://example.com/ecma.js
• https://example.com/style.css
n calc hash modulo 512: 0x3d, 0x16b
n sort, remove dupes, and emit the delta:
⁃ 0x3d → 0 00111101
⁃ 0x16b - 0x3d - 1 → 0x12d → 10 00101101
⁃ padding → 111111
44 Developing the fastest HTTP/2 server
45. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Overhead of sending the digest
n size: #-of-URLs * (1/log2(FPR) + 1.x) bits
n 1,400 URLs can be stored in 1 packet
⁃ when false-positive-rate set to 1/128
n can raise FPR to cram more URLs
⁃ false-positive means the resource is not pushed,
browser can just pull it
⁃ pushing some of the required resources is better
than none
45 Developing the fastest HTTP/2 server
46. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Where to store the digest?
n cookie
⁃ pros: runs on any browser, anytime
⁃ cons: digest becomes inaccurate
• only the browser knows whatʼs in the browser cache
n ServiceWorker (+ServiceWorker Cache)
⁃ pros: runs on Chrome, Firefox
⁃ cons: doesnʼt start until leaving the landing page
n HTTP/2 frame
⁃ pros: minimal octets transferred
• thanks to the knowledge of HTTP/2 connection
⁃ cons: needs to be implemented by browser developer
46 Developing the fastest HTTP/2 server
47. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Discussion at IETF
n IETF 95 (April)
⁃ initial submission of the internet draft
• co-author: Mark Nottingham (HTTP WG Chair)
⁃ defines the HTTP/2 frame
• since itʼs the best way in the long-term
• store the frame in headers / cookies for the short-
term
n IETF 96, HTTP Workshop (July)
⁃ to define digest calculation of stale resources
47 Developing the fastest HTTP/2 server
48. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Handling stale resources
n hash key changed to URL + Etag
⁃ anyone needs support for last-modified?
n server uses URL + Etag of the resource to check the
digest
⁃ push the resource in case a match is not found
⁃ push 304 Not Modified in case a match is found
48 Developing the fastest HTTP/2 server
49. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Difficulties in pushing 304
n Etag cannot always be obtained immediately
⁃ cannot build If-Match request header without
etag
⁃ the “request*” of a pushed resource SHOULD be
sent before the main response
n proposed solution:
⁃ allow 304 against a non-conditional GET
*: in case of server-push, the server generates both request and response, sends
them to the client.
49 Developing the fastest HTTP/2 server
50. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Using server-push from Ruby
n Link: rel=preload header
⁃ web server pushes the specified URL
HTTP/1.1 200 OK
Content-Type: text/html
Link: </style.css>; rel=preload # this header!!!
⁃ supported by:
• H2O, nghttpx (nghttp2), mod_h2 (Apache)
⁃ patch for nginx exists
50 Developing the fastest HTTP/2 server
51. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
The issue with Link: rel=preload
n cannot initiate push while processing the request
51 Developing the fastest HTTP/2 server
client HTTP/2 server Web app.
GET /
can’t push at
this moment
GET /
200 OK
Link: …200 OK
process request
52. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
1xx Early Metadata
52 Developing the fastest HTTP/2 server
n send Link: rel=preload as interim response
⁃ application sends 1xx then processes the request
n supported in H2O 2.1
n might propose for standardization in IETF
GET / HTTP/1.1
Host: example.com
HTTP/1.1 1xx Early Metadata
Link: </style.css>; rel=preload
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
<!DOCTYPE HTML>
...
53. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Sending 1xx from Rack
n in case of Unicorn:
Proc.new do |env|
env[”unicorn.socket”].write(
”HTTP/1.1 1xx Early Metadatarn” +
”Link: </style.js>; rel=preloadrn” +
”rn”);
# time-consuming operation ...
[ 200, [ ... ], [ ... ] ]
end
...we need to define the formal API
53 Developing the fastest HTTP/2 server
56. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
Q&A
n Q. Can it be made faster than the limits o TCP/IP?
n A. Yes!
⁃ shorten the RTT!
• CDNsʼ approach
⁃ make DNS query part of TLS handshake
• was part of TLS 1.3 draft (removed as too
premature)
⁃ fairness isnʼt a issue for a private network!
• TCP optimizer for mobile carriers
56 Developing the fastest HTTP/2 server