Network Working Group                                           R. Shade
Internet-Draft                                                 M. Warres
Intended status: Informational                                    Google
Expires: January 9, 2017                                    July 8, 2016


           HTTP/2 Semantics Using The QUIC Transport Protocol
                   draft-shade-quic-http2-mapping-00

Abstract

   The QUIC transport protocol has several features that are desirable
   in a transport for HTTP/2, such as stream multiplexing, per-stream
   flow control, and low-latency connection establishment.  This
   document describes a mapping of HTTP/2 semantics over QUIC.
   Specifically, this document identifies HTTP/2 features that are
   subsumed by QUIC, and describes how the other features can be
   implemented atop QUIC.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 9, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must include Simplified
   BSD License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Simplified BSD License.

Shade & Warres           Expires January 9, 2017                [Page 1]

Internet-Draft              HTTP/2 Over QUIC                   July 2016

Table of Contents

   1.  Introduction
   2.  QUIC advertisement
   3.  Connection establishment
   4.  Sending a request on an HTTP/2-over-QUIC connection
     4.1.  Terminating a stream
   5.  Writing data to QUIC streams
   6.  Stream Mapping
     6.1.  Reserved Streams
       6.1.1.  Stream 3: headers
       6.1.2.  Stream states
   7.  Stream Priorities
   8.  Flow Control
   9.  Server Push
   10. Error Codes
   11. Other HTTP/2 frames
     11.1.  GOAWAY frame
     11.2.  PING frame
     11.3.  PADDING frame
   12. Normative References
   Authors' Addresses

1.  Introduction

   The QUIC transport protocol has several features that are desirable
   in a transport for HTTP/2, such as stream multiplexing, per-stream
   flow control, and low-latency connection establishment.  This
   document describes a mapping of HTTP/2 semantics over QUIC.
   Specifically, this document identifies HTTP/2 features that are
   subsumed by QUIC, and describes how the other features can be
   implemented atop QUIC.

   QUIC is described in [draft-hamilton-quic-transport-protocol].  For a
   full description of HTTP/2, see [RFC7540].

2.  QUIC advertisement

   A server advertises that it can speak HTTP/2-over-QUIC via the
   Alt-Svc HTTP response header.  It does so by including the header in
   any response sent over a non-QUIC (e.g. HTTP/2 over TLS) connection:

      Alt-Svc: quic=":443"

   In addition, the list of QUIC versions supported by the server can be
   specified by the v= parameter.  For example, if a server supported
   both version 33 and 34 it would specify the following header:

      Alt-Svc: quic=":443"; v="34,33"

   On receipt of this header, a client may attempt to establish a QUIC
   connection on port 443 and, if successful, send HTTP/2 requests using
   the mapping described in this document.

   Connectivity problems (e.g. firewall blocking UDP) may result in QUIC
   connection establishment failure, in which case the client should
   gracefully fall back to HTTP/2-over-TLS/TCP.

3.  Connection establishment

   HTTP/2-over-QUIC connections are established as described in
   [draft-hamilton-quic-transport-protocol].  The QUIC crypto handshake
   MUST use TLS [draft-thomson-quic-tls].

   While connection-level options pertaining to the core QUIC protocol
   are set in the initial crypto handshake [Combined Crypto and
   Transport Handshake], HTTP/2-specific settings are conveyed in the
   HTTP/2 SETTINGS frame.  After the QUIC connection is established, an
   HTTP/2 SETTINGS frame may be sent as the initial frame of the QUIC
   headers stream (StreamID 3, see [Stream Mapping]).  As in HTTP/2,
   additional SETTINGS frames may be sent mid-connection by either
   endpoint.

   TODO: decide whether to acknowledge receipt of SETTINGS through empty
   SETTINGS frames with ACK bit set, as in HTTP/2, or rely on
   transport-level acknowledgment.

   Some transport-level options that HTTP/2-over-TCP specifies via the
   SETTINGS frame are superseded by QUIC transport parameters in
   HTTP/2-over-QUIC.  Below is a listing of how each HTTP/2 SETTINGS
   parameter is mapped:

   o  SETTINGS_HEADER_TABLE_SIZE

      *  Sent in HTTP/2 SETTINGS frame.

   o  SETTINGS_ENABLE_PUSH

      *  Sent in HTTP/2 SETTINGS frame [TBD, currently set using QUIC
         "SPSH" connection option]

   o  SETTINGS_MAX_CONCURRENT_STREAMS

      *  QUIC requires the maximum number of incoming streams per
         connection to be specified in the initial crypto handshake,
         using the "MSPC" tag.  Specifying
         SETTINGS_MAX_CONCURRENT_STREAMS in the HTTP/2 SETTINGS frame is
         an error.

   o  SETTINGS_INITIAL_WINDOW_SIZE

      *  QUIC requires both stream and connection flow control window
         sizes to be specified in the initial crypto handshake, using
         the "SFCW" and "CFCW" tags, respectively.  Specifying
         SETTINGS_INITIAL_WINDOW_SIZE in the HTTP/2 SETTINGS frame is an
         error.

   o  SETTINGS_MAX_FRAME_SIZE

      *  This setting has no equivalent in QUIC.  Specifying it in the
         HTTP/2 SETTINGS frame is an error.

   o  SETTINGS_MAX_HEADER_LIST_SIZE

      *  Sent in HTTP/2 SETTINGS frame.

   As with HTTP/2-over-TCP, unknown SETTINGS parameters are tolerated
   but ignored.  SETTINGS parameters are acknowledged by the receiving
   peer, by sending an empty SETTINGS frame in response with the ACK bit
   set.

4.  Sending a request on an HTTP/2-over-QUIC connection

   A high level overview of sending an HTTP/2 request on an established
   QUIC connection is as follows, with further details in later sections
   of this document.

   A client should first encode any HTTP headers using HPACK [RFC7541]
   and frame them as HTTP/2 HEADERS frames.  These are sent on StreamID
   3 (see [Stream Mapping]).
   The exact layout of the HEADERS frame is described in Section 6.2 of
   [RFC7540].  No HTTP/2 padding is required: QUIC provides a PADDING
   frame for this purpose.

   While HEADERS are sent on stream 3, the mandatory stream identifier
   in each HEADERS frame indicates the QUIC StreamID on which a
   corresponding request body may be sent.  If there is no non-header
   data, the specified QUIC data stream will never be used.

4.1.  Terminating a stream

   A stream can be terminated in one of three ways:

   o  the request/response is headers only, in which case a HEADERS
      frame with the END_STREAM bit set ends the stream specified in the
      HEADERS frame

   o  the request/response has headers and body but no trailing headers,
      in which case the final QUIC STREAM frame will have the FIN bit
      set

   o  the request/response has headers, body, and trailing headers, in
      which case the final QUIC STREAM frame will not have the FIN bit
      set, and the trailing HEADERS frame will have the END_STREAM bit
      set

   (TODO: Describe mapping of HTTP/2 stream state machine to QUIC stream
   state machine.)

5.  Writing data to QUIC streams

   A QUIC stream provides reliable in-order delivery of bytes, within
   that stream.  On the wire, data is framed into QUIC STREAM frames,
   but this framing is invisible to the HTTP/2 layer.  A QUIC receiver
   buffers and orders received STREAM frames, exposing the data
   contained within as a reliable byte stream to the application.

   Bytes written to Stream 3 must be HTTP/2 HEADERS frames (or other
   HTTP/2 non-data frames), whereas bytes written to data streams should
   simply be request or response bodies.  No further framing is required
   by HTTP/2 (i.e. no HTTP/2 DATA frames are used).

   If data arrives on a data stream before the corresponding HEADERS
   have arrived on stream 3, then the data is buffered until the HEADERS
   arrive.

6.  Stream Mapping

   When HTTP/2 headers and data are sent over QUIC, the QUIC layer
   handles most of the stream management.  HTTP/2 StreamIDs are replaced
   by QUIC StreamIDs.  HTTP/2 does not need to do any explicit stream
   framing when using QUIC--data sent over a QUIC stream simply consists
   of HTTP/2 headers or body.  Requests and responses are considered
   complete when the QUIC stream is closed in the corresponding
   direction.

   Like HTTP/2, QUIC uses odd-numbered StreamIDs for client initiated
   streams, and even-numbered IDs for server initiated (i.e. server
   push) streams.  Unlike HTTP/2 there are a couple of reserved (or
   dedicated) StreamIDs in QUIC.

6.1.  Reserved Streams

   StreamID 1 is reserved for crypto operations (the handshake, crypto
   config updates), and MUST NOT be used for HTTP/2 headers or body, see
   [core protocol doc].

   StreamID 3 is reserved for sending and receiving HTTP/2 HEADERS
   frames.  Therefore the first client initiated data stream has
   StreamID 5.

   There are no reserved server initiated StreamIDs, so the first server
   initiated (i.e. server push) stream has an ID of 2, followed by 4,
   etc.

6.1.1.  Stream 3: headers

   HTTP/2-over-QUIC uses HPACK header compression as described in
   [RFC7541].  HPACK was designed for HTTP/2 with the assumption of
   in-order delivery such as that provided by TCP.  A sequence of
   encoded header blocks must arrive (and be decoded) at an endpoint in
   the same order in which they were encoded.  This ensures that the
   dynamic state at the two endpoints remains in sync.

   QUIC streams provide in-order delivery of data sent on those streams,
   but there are no guarantees about order of delivery between streams.
   To achieve in-order delivery of HEADERS frames in QUIC, they are all
   sent on the reserved Stream 3.  Data (request/response bodies) which
   arrive on other data streams are buffered until the corresponding
   HEADERS arrive and are read out of Stream 3.
   This does introduce head-of-line blocking: if the packet containing
   HEADERS for stream N is lost or reordered then stream N+2 cannot be
   processed until it has been retransmitted successfully, even though
   the HEADERS for stream N+2 may have arrived.

   Trailing headers (trailers) can also be sent on stream 3.  These are
   sent as HTTP/2 HEADERS frames, but MUST have the END_STREAM bit set,
   and MUST include a ":final-offset" pseudo-header.  Since QUIC
   supports out of order delivery, receipt of a HEADERS frame with the
   END_STREAM bit set does not guarantee that the entire
   request/response body has been fully received.  Therefore, the extra
   ":final-offset" pseudo-header is included in trailing HEADERS frames
   to indicate the total number of body bytes sent on the corresponding
   data stream.  This is used by the QUIC layer to determine when the
   full request has been received and therefore when it is safe to tear
   down local stream state.  The ":final-offset" pseudo-header is
   stripped from the HEADERS before passing to the HTTP/2 layer.

6.1.2.  Stream states

   The mapping of HTTP/2-over-QUIC with potential out of order delivery
   of HEADERS frames results in some changes to the HTTP/2 stream state
   transition diagram
   [https://tools.ietf.org/html/rfc7540#section-5.1].  Specifically, the
   transition from "open" to "half closed (remote)", and the transition
   from "half closed (local)" to "closed", take place only when:

   o  the peer has explicitly ended the stream via either

      *  an HTTP/2 HEADERS frame with END_STREAM bit set and, in the
         case of trailing headers, the :final-offset pseudo-header

      *  or a QUIC stream frame with the FIN bit set.

   o  and the full request or response body has been received.

7.  Stream Priorities

   HTTP/2-over-QUIC uses the HTTP/2 priority scheme described in
   [RFC7540 Section 5.3].
   In the HTTP/2 priority scheme, a given stream can be designated as
   dependent upon another stream, which expresses the preference that
   the latter stream (the "parent" stream) be allocated resources before
   the former stream (the "dependent" stream).  Taken together, the
   dependencies across all streams in a connection form a dependency
   tree.  The structure of the dependency tree changes as HTTP/2 HEADERS
   and PRIORITY frames add, remove, or change the dependency links
   between streams.

   Implicit in this scheme is the notion of in-order delivery of
   priority changes (i.e., dependency tree mutations): since operations
   on the dependency tree such as reparenting a subtree are not
   commutative, both sender and receiver must apply them in the same
   order to ensure that both sides have a consistent view of the stream
   dependency tree.  HTTP/2 specifies priority assignments in PRIORITY
   frames and (optionally) in HEADERS frames.  To achieve in-order
   delivery of HTTP/2 priority changes in HTTP/2-over-QUIC, HTTP/2
   PRIORITY frames, in addition to HEADERS frames, are also sent on
   reserved stream 3.  The semantics of the Stream Dependency, Weight, E
   flag, and (for HEADERS frames) PRIORITY flag are the same as in
   HTTP/2-over-TCP.

   Since HEADERS and PRIORITY frames are sent on a different stream than
   the STREAM frames for the streams they reference, they may be
   delivered out-of-order with respect to the STREAM frames.  There is
   no special handling for this--the receiver should simply assign
   resources according to the most recent stream priority information
   that it has received.

   ALTERNATIVE DESIGN: if the core QUIC protocol implements priorities,
   then this document should map the HTTP/2 priorities scheme to that
   provided by the core protocol.  This would likely involve prohibiting
   the sending of HTTP/2 PRIORITY frames and setting of the PRIORITY
   flag in HTTP/2 HEADERS frames, to avoid conflicting directives.

8.  Flow Control

   QUIC provides stream and connection level flow control, similar in
   principle to HTTP/2's flow control but with some implementation
   differences.  As flow control is handled by QUIC, the HTTP/2 mapping
   need not concern itself with maintaining flow control state, or
   how/when to send flow control frames to the peer.  The HTTP/2 mapping
   must not send HTTP/2 WINDOW_UPDATE frames.

   The initial flow control window sizes (stream and connection) are
   communicated during the crypto handshake (see [Connection
   establishment]).  Setting these values to the maximum size (2^31 - 1)
   effectively disables flow control.

   Relatively small initial windows can be used, as QUIC will attempt to
   auto-tune the flow control windows based on usage.  See
   [draft-hamilton-quic-transport-protocol] for more details.

9.  Server Push

   HTTP/2-over-QUIC supports HTTP/2 server push.  During connection
   establishment, the client indicates whether or not it is willing to
   receive server pushes via the SETTINGS_ENABLE_PUSH setting in the
   HTTP/2 SETTINGS frame (see [Connection Establishment]), which
   defaults to 1 (true).

   As with server push for HTTP/2-over-TCP, the server initiates a
   server push by sending an HTTP/2 PUSH_PROMISE frame containing the
   StreamID of the stream to be pushed, as well as request header fields
   attributed to the request.  The PUSH_PROMISE frame is sent on stream
   3, to ensure proper ordering with respect to other HEADERS and
   non-data frames.  Within the PUSH_PROMISE frame, the StreamID in the
   common HTTP/2 frame header indicates the associated
   (client-initiated) stream for the new push stream, while the Promised
   Stream ID field specifies the StreamID of the new push stream.

   The server push response is conveyed in the same way as a
   non-server-push response, with response headers and (if present)
   trailers carried by HTTP/2 HEADERS frames sent on reserved stream 3,
   and response body (if any) sent via QUIC stream frames on the stream
   specified in the corresponding PUSH_PROMISE frame.

10.  Error Codes

   The HTTP/2 error codes defined in [RFC7540 Section 7] map to QUIC
   error codes as follows:

   o  NO_ERROR (0x0)

      *  Maps to QUIC_NO_ERROR

   o  PROTOCOL_ERROR (0x1)

      *  No single mapping?

   o  INTERNAL_ERROR (0x2)

      *  QUIC_INTERNAL_ERROR? (not currently defined in core protocol
         spec)

   o  FLOW_CONTROL_ERROR (0x3)

      *  QUIC_FLOW_CONTROL_RECEIVED_TOO_MUCH_DATA? (not currently
         defined in core protocol spec)

   o  SETTINGS_TIMEOUT (0x4)

      *  ? (depends on whether we support SETTINGS acks)

   o  STREAM_CLOSED (0x5)

      *  QUIC_STREAM_DATA_AFTER_TERMINATION

   o  FRAME_SIZE_ERROR (0x6)

      *  QUIC_INVALID_FRAME_DATA

   o  REFUSED_STREAM (0x7)

      *  ?

   o  CANCEL (0x8)

      *  ?

   o  COMPRESSION_ERROR (0x9)

      *  QUIC_DECOMPRESSION_FAILURE (not currently defined in core spec)

   o  CONNECT_ERROR (0xa)

      *  ? (depends whether we decide to support CONNECT)

   o  ENHANCE_YOUR_CALM (0xb)

      *  ?

   o  INADEQUATE_SECURITY (0xc)

      *  QUIC_HANDSHAKE_FAILED, QUIC_CRYPTO_NO_SUPPORT

   o  HTTP_1_1_REQUIRED (0xd)

   TODO: fill in missing error code mappings.

11.  Other HTTP/2 frames

   QUIC includes some features (e.g. flow control) which are also
   present in HTTP/2.  In these cases the HTTP/2 mapping need not
   re-implement them.  As a result some HTTP/2 frame types are not
   required when using QUIC, as they either are directly implemented in
   the QUIC layer, or their functionality is provided via other means.
   This section of the document describes these cases.

11.1.  GOAWAY frame

   QUIC has its own GOAWAY frame, and QUIC implementations may expose
   the sending of a GOAWAY to the application.
   The semantics of sending a GOAWAY in QUIC are identical to HTTP/2: an
   endpoint sending a GOAWAY will continue processing open streams, but
   will not accept newly created streams.

   QUIC's GOAWAY frame is described in detail in the
   [draft-hamilton-quic-transport-protocol].

11.2.  PING frame

   QUIC has its own PING frame, which is currently exposed to the
   application.  QUIC clients send periodic PINGs to servers if there
   are no currently active data streams on the connection.

   QUIC's PING frame is described in detail in the
   [draft-hamilton-quic-transport-protocol].

11.3.  PADDING frame

   There is no HTTP/2 padding in this mapping; padding is instead
   provided at the QUIC layer by including QUIC PADDING frames in a
   packet payload.  An HTTP/2 over QUIC mapping should treat any HTTP/2
   level padding as an error, to avoid any possibility of inconsistent
   flow control states between endpoints (e.g. client sends HTTP/2
   padding, counts it against flow control, server ignores).

12.  Normative References

   [RFC2119]  Bradner, S., "Key Words for use in RFCs to Indicate
              Requirement Levels", March 1997.

   [RFC7540]  Belshe, M., Peon, R., and M. Thomson, "Hypertext Transfer
              Protocol Version 2 (HTTP/2)", May 2015.

   [RFC7541]  Peon, R. and H. Ruellan, "HPACK: Header Compression for
              HTTP/2", May 2015.

   [draft-hamilton-quic-transport-protocol]
              Hamilton, R., Iyengar, J., Swett, I., and A. Wilk, "QUIC:
              A UDP-Based Multiplexed and Secure Transport", July 2016.

   [draft-thomson-quic-tls]
              Thomson, M. and R. Hamilton, "Porting QUIC to TLS", March
              2016.

   [draft-iyengar-quic-loss-recovery]
              Iyengar, J. and I. Swett, "QUIC Loss Recovery and
              Congestion Control", July 2016.

Authors' Addresses

   Robbie Shade
   Google

   Email: rjshade@google.com


   Mike Warres
   Google

   Email: mpw@google.com
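Added example (not part of the draft or of any QUIC implementation): a receiver-side check of an HTTP/2 SETTINGS payload against the parameter mapping listed in Section 3. The names parse_settings, SettingsError and entry are hypothetical; the 6-byte entry layout, the identifier values and the 0-or-1 rule for SETTINGS_ENABLE_PUSH are taken from RFC 7540, and the sample payloads are constructed.

```python
import struct

# Setting identifiers from RFC 7540, Section 6.5.2.
ALLOWED = {  # still carried in the HTTP/2 SETTINGS frame
    0x1: "SETTINGS_HEADER_TABLE_SIZE",
    0x2: "SETTINGS_ENABLE_PUSH",
    0x6: "SETTINGS_MAX_HEADER_LIST_SIZE",
}
FORBIDDEN = {  # declared an error by the draft, with the reason it gives
    0x3: ("SETTINGS_MAX_CONCURRENT_STREAMS", 'set with the "MSPC" handshake tag'),
    0x4: ("SETTINGS_INITIAL_WINDOW_SIZE", 'set with the "SFCW"/"CFCW" handshake tags'),
    0x5: ("SETTINGS_MAX_FRAME_SIZE", "no equivalent in QUIC"),
}


class SettingsError(Exception):
    """Hypothetical error type; the draft does not name an error code."""


def parse_settings(payload: bytes) -> dict:
    """Validate a SETTINGS payload; return accepted {name: value} or raise."""
    if len(payload) % 6:
        raise SettingsError("payload is not a sequence of 6-byte entries")
    accepted = {}
    for ident, value in struct.iter_unpack("!HI", payload):
        if ident in FORBIDDEN:
            name, reason = FORBIDDEN[ident]
            raise SettingsError(f"{name} in SETTINGS frame: {reason}")
        if ident not in ALLOWED:
            continue  # unknown parameters are tolerated but ignored
        if ident == 0x2 and value not in (0, 1):
            raise SettingsError("SETTINGS_ENABLE_PUSH must be 0 or 1")  # RFC 7540 rule
        accepted[ALLOWED[ident]] = value
    return accepted  # nothing is applied unless the whole frame validates


def entry(ident: int, value: int) -> bytes:
    """Encode one 16-bit identifier / 32-bit value pair."""
    return struct.pack("!HI", ident, value)


# Constructed sample payloads.
GOOD = entry(0x1, 4096) + entry(0x99, 7) + entry(0x2, 0)
BAD = entry(0x1, 4096) + entry(0x4, 65535)

if __name__ == "__main__":
    print(parse_settings(GOOD))
    try:
        parse_settings(BAD)
    except SettingsError as err:
        print("rejected:", err)
```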
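Added example (not part of the draft): receive-side bookkeeping for one data stream, combining the termination cases of Section 4.1, the buffering rule of Section 5 and the ":final-offset" rule of Sections 6.1.1 and 6.1.2. RecvStream, StreamError and the state labels are hypothetical, and treating data beyond the declared final offset, or a conflicting end-of-stream signal, as an error is an assumption the draft does not spell out; the arrival sequence in demo() is constructed.

```python
class StreamError(Exception):
    """Hypothetical error type for violations of the mapping."""


class RecvStream:
    """Receive-side bookkeeping for one data stream (not a QUIC stack)."""

    def __init__(self):
        self.headers_seen = False
        self.final_size = None  # total body bytes, known once the peer ends
        self.ranges = []        # merged (start, end) body byte ranges received

    def _end(self, size):
        # Assumption: negative, conflicting or already exceeded sizes are errors.
        if size < 0 or self.final_size not in (None, size):
            raise StreamError("invalid or conflicting end of stream")
        if self.ranges and self.ranges[-1][1] > size:
            raise StreamError("body data beyond the final offset")
        self.final_size = size

    def on_headers(self, headers, end_stream):
        """HEADERS frame from stream 3 naming this stream; returns HTTP/2 view."""
        if not self.headers_seen:
            self.headers_seen = True
            if end_stream:              # headers-only message, no body
                self._end(0)
            return headers
        if not end_stream or ":final-offset" not in headers:
            raise StreamError("trailers need END_STREAM and :final-offset")
        self._end(int(headers[":final-offset"]))
        return {k: v for k, v in headers.items() if k != ":final-offset"}

    def on_stream_frame(self, offset, length, fin=False):
        """QUIC STREAM frame on the data stream; arrival order is arbitrary."""
        merged = []
        for s, e in sorted(self.ranges + [(offset, offset + length)]):
            if merged and s <= merged[-1][1]:
                merged[-1] = (merged[-1][0], max(merged[-1][1], e))
            else:
                merged.append((s, e))
        self.ranges = merged
        if fin or self.final_size is not None:
            self._end(offset + length if fin else self.final_size)

    def state(self):
        if not self.headers_seen:
            return "buffering"          # body held until HEADERS arrive
        if self.final_size is None:
            return "open"
        full = self.final_size == 0 or self.ranges == [(0, self.final_size)]
        return "complete" if full else "ended-incomplete"


def demo():
    """Constructed arrival order: body, headers, trailers, rest of body."""
    s, seen = RecvStream(), []
    for fn, args in [(s.on_stream_frame, (0, 100)),
                     (s.on_headers, ({":status": "200"}, False)),
                     (s.on_headers, ({":final-offset": "300"}, True)),
                     (s.on_stream_frame, (200, 100)),
                     (s.on_stream_frame, (100, 100))]:
        fn(*args)
        seen.append(s.state())
    return seen
```

demo() returns the state after each arrival; the stream only reaches "complete" once the byte ranges cover everything up to the offset the trailers declared.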