
PRO-COW: Protocol Compliance on the Web



  1. PRO-COW: Protocol Compliance on the Web

     Balachander Krishnamurthy (bala@research.att.com), AT&T Labs - Research
     Martin Arlitt (arlitt@hpl.hp.com), HP Labs

  2. State of the Web

     - HTTP is the dominant protocol (75% of backbone traffic)
     - HTTP/0.9, HTTP/1.0 versions never formally standardized
     - 4+ years spent developing HTTP/1.1 with many requirements on clients, proxies, and servers
     - Several intermediate implementations
     - As of June '99 HTTP/1.1 at draft standard
     - Lots of servers claiming to be HTTP/1.1 compliant

  3. Motivations for PROCOW study

     - Measure of protocol adoption, repeat to get rate
     - Web site admins can see if they should run HTTP/1.1
     - Learn why people might be turning off some HTTP/1.1 features
     - Protocol designers can see if all the hot air expended in endless discussions in WG actually led anywhere
     - Help quantify benefits of protocol changes

  4. Study: Methodology

     - Requests from few client sites around world to hundreds of popular origin servers
     - Popularity gleaned from many sources: MediaMetrix, Netcraft, Hot100, Fortune500, Global200
     - 517 server sites selected based on popularity of traffic (not on request response size)
     - Not enough pornographic sites included (self-censorship by site raters?)
     - 6 client sites (.au, .cl, .fr, uky.edu, nj.att.com, ca.hp.com)

  5. Study: What

     3 categories of tests:

     1. Some of the MUST features of HTTP/1.1: GET, HEAD, Host header
     2. Features that are important additions to HTTP/1.1: persistent connections, pipelining, range requests
     3. Non-mandatory features deemed useful: OPTIONS, TRACE, POST Expect/100-Continue, If-None-Match, If-Unmodified-Since...

  6. Top server vendors seen in our test

     | Server vendor | Percentage |
     |---------------|------------|
     | Netscape      | 34.8       |
     | Microsoft     | 32.8       |
     | Apache        | 28.2       |
     | Lotus         | 2.7        |
     | Zeus          | 0.4        |
     | Oracle        | 0.2        |
     | Others        | 0.8        |

     Note: Apache has around 61% of total server market share.

  7. Category 1: Unconditional Compliance Results

     | Client Site | GET (%) | HEAD (%) | Host (%) | Pass All (%) | Fail All (%) |
     |-------------|---------|----------|----------|--------------|--------------|
     | AT&T        | 82.1    | 72.4     | 64.6     | 59.8         | 7.4          |
     | Australia   | 82.3    | 72.7     | 64.4     | 60.0         | 7.3          |
     | Chile       | 82.3    | 70.3     | 64.4     | 60.3         | 7.9          |
     | France      | 82.4    | 72.4     | 64.1     | 59.7         | 7.4          |
     | HPL         | 83.5    | 72.9     | 64.5     | 60.6         | 7.1          |
     | Kentucky    | 82.4    | 72.7     | 64.2     | 60.1         | 7.5          |

     - Location didn't matter - minor differences due to load balancing front-ends
     - 7+% failure rate of all tests - bad!

  8. Breakdown of Category 1 Test Results (CA-HPL)

     |                           | GET (%) | HEAD (%) | Host (%) |
     |---------------------------|---------|----------|----------|
     | Unconditionally compliant | 83.5    | 72.9     | 64.5     |
     | Conditionally compliant   | 16.1    | 9.4      | 28.6     |
     | Not compliant             | 0.4     | 17.7     | 6.9      |

     - Conditional compliance: headers like Content-Length, Transfer-Encoding: chunked are absent.
     - HEAD: headers in response different than GET. Failure in 17%: either didn't return expected metainformation, or returned message body as well.
     - Absence of Host: header: 6.9% of servers accepted such 1.1 client requests. Bad. Very bad. This is a MUST.

  9. Category 2 Unconditional Compliance (CA-HPL)

     | Server       | Persistence (%) | Pipelining (%) | Range (%) | Pass All (%) | Fail All (%) |
     |--------------|-----------------|----------------|-----------|--------------|--------------|
     | Apache/1.3   | 87.0            | 87.0           | 51.1      | 47.8         | 9.8          |
     | Apache/1.2   | 89.1            | 89.1           | 52.7      | 43.5         | 10.9         |
     | IIS/4.0      | 87.9            | 87.3           | 52.4      | 52.4         | 12.7         |
     | Netscape/3.5 | 41.1            | 38.4           | 67.2      | 37.5         | 30.6         |
     | Netscape/3.6 | 41.5            | 35.4           | 47.7      | 35.4         | 52.3         |

     Not very encouraging considering major improvements in HTTP/1.1 are correctly implemented in less than half of tested servers. Note Netscape/3.6 is worse than Netscape/3.5.

  10. Category 3 Unconditional Compliance (CA-HPL)

      | Feature                      | % Servers Unconditionally Compliant | % Servers Not Compliant |
      |------------------------------|-------------------------------------|-------------------------|
      | OPTIONS                      | 59.8                                | 0.8                     |
      | TRACE                        | 97.3                                | 0.2                     |
      | FOO                          | 54.7                                | 7.1                     |
      | POST, Expect                 | 63.2                                | 32.0                    |
      | Incorrect URL                | 80.5                                | 7.1                     |
      | Long URL                     | 62.7                                | 2.0                     |
      | If-None-Match                | 14.8                                | 0.8                     |
      | If-Unmodified-Since (1123)   | 41.7                                | 57.1                    |
      | If-Unmodified-Since (1036)   | 41.7                                | 57.1                    |
      | If-Unmodified-Since (ANSI C) | 41.7                                | 57.1                    |

      - If-Unmodified-Since with Date in RFC 1123/1026/ANSI-C formats.
      - Responding to FOO method is violation of SHOULD: such a method might be introduced!

  11. Security, DOS, and other problems

      - Some servers melt instead of sending 414 Request-URI Too Large (maybe SHOULD should become a MUST?)
      - Devices terminating a HTTP/TCP connection (e.g., L7 switch) should identify themselves (i.e., MUST add Via); and undergo HTTP compliance testing.
      - Servers should fully identify version numbers/configuration (IIS)

  12. Reasons for non-compliance + speculations

      - Subtle: reasons not always known to implementors (One lone MS-IIS/4.0 failing Host test, uses ISAPI dll filter)
      - "Intelligent" switches/load balancers transparently terminate connections, may not support persistent connections though server can. (Server: field was different in responses from the same IP address)
      - Since these devices don't identify themselves it looks like server is misbehaving. Anecdotal evidence that switch vendors don't support persistent connections.
      - Turning off features (persistent connections/pipelining or range requests): performance concerns? Hallway conversations?

  13. Conclusion of study

      - Many sites are moving to HTTP/1.1 but not necessarily in a compliant way
      - Maybe some SHOULDs in 2616 should change to MUST - most implementors pay attention to the MUSTs
      - Maybe spec should state requirements for L7 switches
      - Lots of 0.9, 1.0 proxies in path (some implementing selective HTTP/1.1 features!)
      - Measurement is not aided by protocol - keep in mind for future?
      - End to end 1.1 compliant traffic: RSN

  14. What happened after study

      - Threat of lawsuits, nastygrams...
      - Fix of DOS attack in major server
      - Persistent connection now default in major browser
      - Paper being submitted to WWW-9, test of proxies next
      - Updated results: (done Monday 11/8) similar results (+-3%)
      - Thanks to client sites who let us do the study!

  15. Bibliography

      - RFC 2616 HTTP/1.1 draft standard
      - RFC 1945 HTTP/1.0 Informational RFC (best current practice)
      - Differences between HTTP/1.0 and HTTP/1.1, Krishnamurthy, Mogul, Kristol (WWW-8, June '99)
      - PRO-COW paper (being submitted to WWW-9)
      - Predicting HTTP/1.1 from HTTP/1.0 traffic (Global Internet '99)

      Papers available from www.research.att.com/~bala/papers
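
The Category 1 checks from slides 5 and 8 (GET, HEAD, missing Host), as an added example that is not from the original slides or the PRO-COW tooling. It classifies constructed raw responses; the three labels follow slide 8, while the exact mapping (a HEAD/GET header mismatch counted as conditional, the `VOLATILE` header set, a 200 expected for GET) is an assumption.

```python
# Added example: constructed responses, not data from the PRO-COW study.
def parse(raw):
    """Split a raw HTTP response into (status, lower-cased headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(lines[0].split()[1]), headers, body

def classify_get(raw):
    status, hdrs, _ = parse(raw)
    if status != 200:                      # assumption: the tested URL exists
        return "not compliant"
    framed = ("content-length" in hdrs
              or "chunked" in hdrs.get("transfer-encoding", "").lower())
    return "unconditional" if framed else "conditional"

VOLATILE = {"date", "connection", "keep-alive"}  # assumption: may differ per response

def classify_head(get_raw, head_raw):
    g_status, g_hdrs, _ = parse(get_raw)
    h_status, h_hdrs, h_body = parse(head_raw)
    if h_body or h_status != g_status:     # a HEAD response must not carry a body
        return "not compliant"
    meta = lambda h: {k: v for k, v in h.items() if k not in VOLATILE}
    return "unconditional" if meta(g_hdrs) == meta(h_hdrs) else "conditional"

def classify_missing_host(raw):
    """Response to an HTTP/1.1 request sent without Host: RFC 2616 requires 400."""
    return "unconditional" if parse(raw)[0] == 400 else "not compliant"

# Constructed sample responses.
GET_OK = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 5\r\n\r\nhello"
GET_NOLEN = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\nhello"
HEAD_OK = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 5\r\n\r\n"
HEAD_DIFF = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
BAD_400 = b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    print("GET without length  :", classify_get(GET_NOLEN))
    print("HEAD with body      :", classify_head(GET_OK, HEAD_OK + b"hello"))
    print("HEAD headers differ :", classify_head(GET_OK, HEAD_DIFF))
    print("No Host, got 200    :", classify_missing_host(GET_OK))
    print("No Host, got 400    :", classify_missing_host(BAD_400))
```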
