Web Performance and the Impact of SPDY, HTTP/2 & QUIC - Part 3
May 24, 2016

Jean Tunis

Share this

This blog is the third in a 5-part series on APMdigest where I discuss web application performance and how new protocols like SPDY, HTTP/2, and QUIC will hopefully improve it so we can have happy website users.

Start with Web Performance 101: The Bandwidth Myth

Start with Web Performance 101: 4 Recommendations to Improve Web Performance

Start with Web Performance and the Impact of SPDY, HTTP/2 & QUIC - Part 1

Start with Web Performance and the Impact of SPDY, HTTP/2 & QUIC - Part 2

Common HTTP/1.1 Workarounds

Regarding the HTTP/1.1 limitations outlined in my last blog, it was known that an update was needed to address them. But this did not happen, until recently. With the need for better performance, a number of workarounds were created to get around the limitations.

Open Multiple Connections

As web technology developed, it became clear that more connections were needed to help improve web performance by opening up more than one connection to the server at the same time. For years, Internet Explorer allowed only 2 concurrent connections. As Firefox and Chrome entered the scene, this number went up to 6.

At this point, most modern browsers allow for 6 concurrent TCP connections. All of these connections will help to reduce the impact of TCP slow start on the overall website.

Domain Sharding

With the ability to have multiple connections to the server, developers soon realized that they could improve performance if website resources were placed on various domain servers. They would then be able to allow for up to 6 concurrent connections for each domain.

The content for a website, domain.com, for example, could be spread across three domains - one.domain.com, two.domain.com and three.domain.com.

With this configuration, a browser can now have up to 18 concurrent connections to make HTTP requests!

Resource Inlining

What's better than having the browser open up more connections across many domains? Using those same connections to send more data.

In my previous blog, Web Performance 101: 4 Recommendations to Improve Web Performance, I mentioned that you don't want to have too many connections. With 18 connections from one browser to 3 domains, the PC may run into some resource issues. Opening and closing more connections can cause CPU slowdown, for example.

The ability to include some scripting data directly into the HTML, known as resource inlining, allowed the browser to download CSS and JS file information along with the HTML and not have to open up a new connection to do it. This not only reduced the number of connections, but also reduced the need for another round-trip across the network to get more data.

Enter SPDY

To help solve the HTTP/1.1 limitations, in November 2009, Google released its first draft defining a new protocol called SPDY, which is pronounced "SPeeDY".

Get it? Speedy? Haha!

The primary goal that Google stated for this protocol was to reduce page load times by at least 50%.

The plan to achieve this goal was in the following ways:

■ Multiplexing requests onto one TCP connection

■ Prioritizing requests

■ Compressing headers

■ Enabling server pushes

■ Ensuring better security with TLS

SPDY is not an outright replacement of HTTP. Instead it runs as an application layer protocol that sits between TCP and HTTP.

Google also ensured that every request would be secure, so part of the SPDY implementation included TLS for data encryption, by default. Google was able to accomplish this goal when it saw up to 64% decreases in page load times across its Google properties that were tested, when compared to HTTP/1.1.

Now to HTTP/2

The performance gains that were experienced with SPDY were so great that Google submitted SPDY to the IETF for consideration in the HTTP/1.1 upgrade. This was accepted, and when the initial draft of the HTTP/2 standard was published in 2012, it was an exact of the copy of SPDY.

HTTP/2 is meant to be a more efficient version of the HTTP/1.1 protocol. But rather than a simple dot upgrade, like HTTP/1.2, HTTP/2 was used due to the binary framing layer (more on this later) of the upgraded protocol.

So SPDY was used as a starting point to build on HTTP/2.

The following capabilities were used as goals to accomplish:

■ Multiplexing of requests via request/response streams

■ Flow control and prioritization of multiplexed streams

■ Interaction mode via server push

■ Data compression of HTTP headers

After many months, the updated HTTP protocol was published as the proposed standard (RFC 7540) in May 2015.

Not Your Average SPDY

While HTTP/2 was based on Google's SPDY protocol at the outset, there were a couple of capabilities removed by the time it became a standard.

SPDY was only implemented with the TLS protocol enabled for security. The HTTP/2 protocol can be implemented with or without TLS.

This means that both ports 80 and 443 can be used as default ports to implement the protocol. HTTP/2 defines a version ID in the HTTP header so that you can verify what version is being used.

■ H2 version is for encrypted HTTP/2.

■ H2C version is for unencrypted HTTP/2.

But the de facto standard implementation will be H2 to ensure that as many websites as possible are always using HTTP with TLS encryption.

Read Web Performance and the Impact of SPDY, HTTP/2 & QUIC - Part 4, covering HTTP/2 in more detail.

Jean Tunis is Principal Consultant and Founder of RootPerformance
Share this

The Latest

March 26, 2020

While remote work policies have been gaining steam for the better part of the past decade across the enterprise space — driven in large part by more agile and scalable, cloud-delivered business solutions — recent events have pushed adoption into overdrive ...

March 25, 2020

Time-critical, unplanned work caused by IT disruptions continues to plague enterprises around the world, leading to lost revenue, significant employee morale problems and missed opportunities to innovate, according to the State of Unplanned Work Report 2020, conducted by Dimensional Research for PagerDuty ...

March 24, 2020

In today's iterative world, development teams care a lot more about how apps are running. There's a demand for fixing actionable items. Developers want to know exactly what's broken, what to fix right now, and what can wait. They want to know, "Do we build or fix?" This trade-off between building new features versus fixing bugs is one of the key factors behind the adoption of Application Stability management tools ...

March 23, 2020

With the rise of mobile apps and iterative development releases, Application Stability has answered the widespread need to monitor applications in a new way, shifting the focus from servers and networks to the customer experience. The emergence of Application Stability has caused some consternation for diehard APM fans. However, these two solutions embody very distinct monitoring focuses, which leads me to believe there's room for both tools, as well as different teams for both ...

March 19, 2020

The 2019 State of E-Commerce Infrastructure Report, from Webscale, analyzes findings from a comprehensive survey of more than 450 ecommerce professionals regarding how their online stores performed during the 2019 holiday season. Some key insights from the report include ...

March 18, 2020

Robinhood is a unicorn startup that has been disrupting the way by which many millennials have been investing and managing their money for the past few years. For Robinhood, the burden of proof was to show that they can provide an infrastructure that is as scalable, reliable and secure as that of major banks who have been developing their trading infrastructure for the last quarter-century. That promise fell flat last week, when the market volatility brought about a set of edge cases that brought Robinhood's trading app to its knees ...

March 17, 2020

Application backend monitoring is the key to acquiring visibility across the enterprise's application stack, from the application layer and underlying infrastructure to third-party API services, web servers and databases, be they on-premises, in a public or private cloud, or in a hybrid model. By tracking and reporting performance in real time, IT teams can ensure applications perform at peak efficiency — and guarantee a seamless customer experience. How can IT operations teams improve application backend monitoring? By embracing artificial intelligence for operations — AIOps ...

March 16, 2020

In 2020, DevOps teams will face heightened expectations for higher speed and frequency of code delivery, which means their IT environments will become even more modular, ephemeral and dynamic — and significantly more complicated to monitor. As a result, AIOps will further cement its position as the most effective technology that DevOps teams can use to see and control what's going on with their applications and their underlying infrastructure, so that they can prevent outages. Here I outline five key trends to watch related to how AIOps will impact DevOps in 2020 and beyond ...

March 12, 2020

With the spread of the coronavirus (COVID-19), CIOs should focus on three short-term actions to increase their organizations' resilience against disruptions and prepare for rebound and growth, according to Gartner ...

March 11, 2020

Whether you consider the first generation of APM or the updates that followed for SOA and microservices, the most basic premise of the tools remains the same — PROVIDE VISIBILITY ...