PRO-CO W: Proto col Compli ance on the W eb Bala chander - - PowerPoint PPT Presentation
▶
SMART_READER_LITE
LIVE PREVIEW
PRO-CO W: Proto col Compli ance on the W eb Bala chander - - PowerPoint PPT Presentation
Sep 20, 2022 370 likes •535 views
PRO-CO W: Proto col Compli ance on the W eb Bala chander Krishnamur thy Mar tin Arlitt bala@resea rch.att.com a rlitt@hpl.hp.com A T&T Labs - Resea rch HP Labs Bala chander Krishnamur thy 1 State of the W eb
SLIDE 1PRO-CO W: Proto col Compli ance
n
the W eb Bala chander Krishnamur thy Mar tin Arlitt bala@resea rch.att.com a rlitt@hpl.hp.com A T&T Labs
Resea
rch HP Labs Bala chander Krishnamur thy 1
SLIDE 2State
f
the W eb
HTTP
is the dominant p roto col (75%
f
backb
ne
trac)
HTTP/0.9,
HTTP/1.0 versions never fo rmally standa rdiz ed
4+
y ea rs sp ent developing HTTP/1.1 with many requiremen ts
n
clients, p ro xies, and servers
Several
intermedi ate implementa tio ns
As
f
June '99 HTTP/1.1 at draft standa rd
Lots
f
servers claiming to b e HTTP/1.1 compliant Bala chander Krishnamur thy 2
SLIDE 3Motivations fo r PROCO W study
Measure
f
p roto col adoption, rep eat to get rate
W
eb site admins can see if they should run HTTP/1.1
Lea
rn why p eople might b e turning
some
HTTP/1.1 features
Proto
col designers can see if all the hot air exp ended in endless discussions in W G actually led anywhere
Help
quantify b enets
f
p roto col changes Bala chander Krishnamur thy 3
SLIDE 4Study: Metho dology
Requests
from few client sites a round w
rld
to hundreds
f
p
pula
r
rigin
servers
P
pula
rit y gleaned from many sources: MediaMetr ix, Netcraft, Hot100, F
rtune500,
Global200
517
server sites selected based
n
p
pula
rit y
f
r e quest trac (not
n
resp
nse
size)
Not
enough p
rnographi
c sites included (self-censo rship b y site raters?)
HTTP/1.1 GET, HEAD, Host header 2. F eatures that a re imp
rtant
additions to HTTP/1.1 P ersistent connections, pip elin in g, range requests 3. Non-mandato ry features deemed useful OPTIONS, TRA CE, POST Exp ect/100-Contin ue If-None-Match, If-Unmo died-Sin ce... Bala chander Krishnamur thy 5
SLIDE 6T
p
server vendo rs seen in
ur
test Server vendo r P ercentage Netscap e 34.8 Microsoft 32.8 Apache 28.2 Lotus 2.7 Zeus 0.4 Oracle 0.2 Others 0.8 Note: Apache has a round 61%
f
total server ma rk et sha re. Bala chander Krishnamur thy 6
SLIDE 7Catego ry 1: Unconditional Compliance Results Client Site GET(%) HEAD(%) Host(%) P ass All(%) F ail All(%) A T&T 82.1 72.4 64.6 59.8 7.4 Australia 82.3 72.7 64.4 60.0 7.3 Chile 82.3 70.3 64.4 60.3 7.9 F rance 82.4 72.4 64.1 59.7 7.4 HPL 83.5 72.9 64.5 60.6 7.1 Kentucky 82.4 72.7 64.2 60.1 7.5 Lo cation didn't matter
mino
r dierence s due to load balancin g front-ends 7+% failure rate
f
al l tests
bad!
Bala chander Krishnamur thy 7
SLIDE 8Breakdo wn
f
Catego ry 1 T est Results (CA-HPL ) GET (%) HEAD (%) Host(%) Unconditiona ll y compliant 83.5 72.9 64.5 Conditional ly compliant 16.1 9.4 28.6 Not compliant 0.4 17.7 6.9 Conditional c
mplianc
e: headers lik e Content-Length, Transfer-Encoding: chunk ed a re absent. F ailur e in HEAD: headers in resp
nse
dierent than GET 17% either didn't return exp ected metainfo rmati
n,
r
returned message b
dy
as w ell. A bsenc e
f
Host: he ader: 6.9%
f
servers accepted such 1.1 client requests. Bad. V ery bad. This is a MUST. Bala chander Krishnamur thy 8
SLIDE 9Catego ry 2 Unconditional Compli ance (CA-HPL) Server P ersistence(%) Pip elining(%) Range(%) P ass All(%) F ail All(%) Apache/1.3 87.0 87.0 51.1 47.8 9.8 Apache/1.2 89.1 89.1 52.7 43.5 10.9 I IS/4.0 87.9 87.3 52.4 52.4 12.7 Netscap e/3.5 41.1 38.4 67.2 37.5 30.6 Netscap e/3.6 41.5 35.4 47.7 35.4 52.3 Not very encouraging considering majo r imp rovements in HTTP/1.1 a re co rrectly implemen ted in less than half
f
tested servers. Note Netscap e/3.6 is w
rse
than Netscap e/3.5. Bala chander Krishnamur thy 9
SLIDE 10Catego ry 3 Unconditional Compli ance (CA-HPL) F eature % Servers % Servers Unconditionally Compliant Not Compliant OPTIONS 59.8 0.8 TRA CE 97.3 0.2 F OO 54.7 7.1 POST, Exp ect 63.2 32.0 Inco rrect URL 80.5 7.1 Long URL 62.7 2.0 If-None-Match 14.8 0.8 If-Unmo died-Since (1123) 41.7 57.1 If-Unmo died-Since (1036) 41.7 57.1 If-Unmo died-Since (ANSI C) 41.7 57.1 If-Unmodifi ed
Si
nce with Date in RF C 1123/1026/ANSI-C fo rmats. Resp
nding
to FOO metho d is violation
f
SHOULD: such a metho d might b e intro duced! Bala chander Krishnamur thy 10
SLIDE 11Securit y , DOS, and
ther
p roblems
Some
servers melt instead
f
sending 414 Request-URI T
La
rge (ma yb e SHOULD should b ecome a MUST?)
Devices
terminatin g a HTTP/TCP connection (e.g., L7 switch) should identify themselves (i.e., MUST add Via); and undergo HTTP complianc e testing.
Servers
should fully identify version numb ers/con gur ati
n
(I IS) Bala chander Krishnamur thy 11
SLIDE 12Reasons fo r non-compliance + sp eculations
Subtle:
reasons not alw a ys kno wn to implemen to rs (One lone MS-I IS/4.0 failing Host test, uses ISAPI dll lter)
\Intelligent"
switches/load balancers transpa rently terminate connections ma y not supp
rt
p ersistent connections though server can. (Server: eld w as dierent in resp
nses
from the same IP address)
Since
these devices don't identify themselves it lo
ks
lik e server is misb ehavin g. Anecdotal evidence that switch vendo rs don't supp
rt
p ersistent connections.
T
urning
features
(p ersisten t connections/pi p eli ni ng
r
range requests): p erfo rmance concerns? Hallw a y conversations? Bala chander Krishnamur thy 12
SLIDE 13Conclusion
f
study
Many
sites a re moving to HTTP/1.1 but not necessa rily in a compliant w a y
Ma
yb e some SHOULDs in 2616 should change to MUST { most implemento rs pa y attention to the MUSTs
Ma
yb e sp ec should state requireme nts fo r L7 switches
Lots
f
0.9, 1.0 p ro xies in path (some implementi ng selective HTTP/1.1 features!)
Measurement
is not aided b y p roto col { k eep in mind fo r future?
End
to end 1.1 complian t trac: RSN Bala chander Krishnamur thy 13
SLIDE 14What happ ened after study
Threat
f
la wsuits, nast ygrams...
Fix
f
DOS attack in majo r server
P
ersistent connection no w default in majo r b ro wser
P
ap er b eing submitted to WWW-9, test
f
p ro xies next
Up
dated results: (done Monda y 11/8) simila r results (+-3%)
Thanks
to client sites who let us do the study! Bala chander Krishnamur thy 14
SLIDE 15Bibliography
RF
C 2616 HTTP/1.1 draft standa rd
RF
C 1945 HTTP/1.0 Info rmational RF C (b est current p ractice)
Dierences
b et w een HTTP/1.0 and HTTP/1.1 Krishnamurth y , Mogul, Kristol (WWW-8, June '99)
PRO-CO
W pap er (b eing submitted to WWW-9)
Predicting
HTTP/1.1 from HTTP/1.0 trac (Global Internet '99) P ap ers available from www.resea rch.att.com/~ba l a/p ap ers Bala chander Krishnamur thy 15
