HTTP/3

We are at the beginning of 2021 and it seems this year will bring new protocol adoptions. I wrote about HTTP/2 in 2015 and I think it’s getting old because I wrote about Moving the Web from TCP to UDP a year later and this will be the new standard for the next years. There are still lots of websites with HTTP/1.1 and nearly 50% of websites run with HTTP/2. However, the third version is already an Internet Draft and has multiple improvements and new features. HTTP/3 is already supported by some browsers, appliances and web servers.

Percentages of websites using various site elements

HTTP/3 run over QUIC, which is a new transport protocol developed by Google. This new protocol can address some of the known shortcomings of doing HTTP/2 over TCP and TLS. For instance, one of the shortcomings is the TCP head of line blocking because HTTP/2 is done over TCP and typical browsers do tens or hundreds of parallel transfers over a single TCP connection, as a result, if a single packet is lost or dropped in the network, the entire TCP connection is brought to a halt while the lost packet is re-transmitted. HTTP/3 can avoid the block with independent streams using QUIC over UDP.

High-level overview of HTTP transport stacks

QUIC is on top of UDP and it also then uses UDP port numbers to identify specific network services. However, all known QUIC implementations are currently in user-space instead of kernel-space because it allows more rapid evolution. Therefore, QUIC uses UDP ports above 1024. In addition, parallel streams can transfer data simultaneously over a single connection without affecting the other streams. Actually, there are lots of more features such as fast handshakes or TLS 1.3, which are really important.

Fast handshakes

The QUIC transport protocol works really simple. Firstly, QUIC set up a connection which is a single conversation between two QUIC endpoints. Connection ID are used to identify the connection, which can thus migrate between IP addresses and network interfaces in ways TCP never could. Secondly, connections start a secure layer with TLS 1.3, which is mandatory. There is no way to avoid using TLS. Finally, QUIC uses streams to send data over the connection. 

HTTP Request over QUIC (with 0-RTT)

HTTP/3 is the first protocol to transport over QUIC. It’s like HTTP/1.1 and HTTP/2 because it has requests, responses, headers, body, cookies, etc. However, there are also changes. For instances, the alternate service (Alt-svc:) header is used to tell clients that web server supports and wants to start connections using HTTP/3. There are a lot of changes. Another interesting change is HTTP/3 has much faster handshakes, thanks to QUIC, than HTTP/1.1 or even HTTP/2 with TCP + TLS.

Alternate service header

To sum up, HTTP/3 is still an Internet Draft and HTTP/2 is increasingly deployed in lots of web services. HTTP/3 is on top of QUIC, which has lots of new features and improvements. I think, we will see HTTP/3 running in main web servers soon such as Facebook, Amazon, Netflix and Google. In fact, they are already thinking in the new version QUICv2.

Have you already deployed HTTP/2? Are you thinking in the new version HTTP/3? Bye my friends!