[jrochkind1]

So, as far as the results: In their synthetic benchmarks, they find negligible to no improvement:

> For a small test page of 15KB, HTTP/3 takes an average of 443ms to load compared to 458ms for HTTP/2. However, once we increase the page size to 1MB that advantage disappears: HTTP/3 is just slightly slower than HTTP/2 on our network today, taking 2.33s to load versus 2.30s

And in their closer to real world benchmarks, they find no improvement, instead some negligible degradation.

> As you can see, HTTP/3 performance still trails HTTP/2 performance, by about 1-4% on average in North America and similar results are seen in Europe, Asia and South America. We suspect this could be due to the difference in congestion algorithms: HTTP/2 on BBR v1 vs. HTTP/3 on CUBIC. In the future, we’ll work to support the same congestion algorithm on both to get a more accurate apples-to-apples comparison.

As a developer of web apps, I will personally continue to not think that much about HTTP/3. Perhaps in the future network/systems engineers will have figured out how to make it bear fruit? I don't know, but it seems to me of unclear wisdom to count on it.

[ATsch]

There's something else, performance aside, that's really exciting about HTTP/3: Fixing a decades old layering violation that has made truly mobile internet impossible.

In TCP, a connection is uniquely identified by the following tuple:

    (src ip, src port, dst ip, dst port)

The issue is that we depend not only on layer 4 details (port numbers) but also on layer 3 information (IP addresses). This means we can not ever keep a connection alive when moving from one network and hence IP address into another.

We can do some trickery to let people keep their addresses while inside of a network, but switch from mobile data to wifi and every TCP connection drops.

This is easy enough to solve, in theory. Give every connection an unique ID, and then remember the last address you received a packet for that connection from, ideally in the kernel. This makes IP addresses completely transparent to applications, just like MAC addresses are. However, the tuple is assumed almost everywhere and NAT makes new layer 4 protocols impossible. Unless you layer them over UDP. And this is exactly what Wireguard, QUIC, mosh and others do. Once it's ubiquitous, you'll be able to start an upload or download at home, hop on your bike, ride to the office, and finish it without the connection dropping once.

[rixed]

Part of me consider HTTP/3 as an application protocol and disagree with this. This is not a problem for HTTP to solve but a problem for the routing protocol to solve. Is it desirable to reinvent a routing protocol at the application layer, so that we can use it as another transport protocol and so on? Shouldn't we be using a single, unique 128bit address for every device regardless of which physical network it is attached to, by now? This is not a technological limitation: If the same operator would administer both local wifi and long distance GSM then of course you would not loose your IP, as you do not lose it when you hop from one GSM antenna to the next.

...and part of me think HTTP/3 could be that universal transport protocol that could eventually solve this problem, and then I agree.

[labawi]

I agree it would be appropriate to solve roaming on a lower layer, so any application can roam.

However, the solution should not and cannot be a global routing table. Aside from privacy issues, routing tables are very expensive. It needs to be decentralized, done on or at least near the endpoints, similar to programs like mosh, wireguard etc. Though there are certain security and privacy trade-offs in mentioned protocols that may not be appropriate.

[ATsch]

Yes, this shouldn't be done at the application layer. This is why it's done in QUIC, which is layer 4.5-ish. HTTP/3 runs on top of that.

The "flat address space" idea however is completely ridiculous. That would mean every node on the internet keeping track of the path to every singe other node. This is what ethernet does and it barely scales to ten or so thousand nodes. Routers are already struggling hard with the 700k table entries we have for the IPv4 internet. To the point where providers actually wrap IP packets inside of simpler protocols once they enter the network.

We need some kind of hierarchical addressing that expresses the location of a node in the network. We know this works. We just need the layers above not to rely on those addresses staying constant.

[DarkWiiPlayer]

> The "flat address space" idea however is completely ridiculous. That would mean every node on the internet keeping track of the path to every singe other node. This is what ethernet does and it barely scales to ten or so thousand nodes. Routers are already struggling hard with the 700k table entries we have for the IPv4 internet. To the point where providers actually wrap IP packets inside of simpler protocols once they enter the network.

If anything, we need a more hierarchical structure, with stricter separations by, e.g. Continent/Country/Province and possibly down to street or even house level, so routers can more easily just throw the data in the right general direction. Note the obvious privacy problem there.

[mcguire]

Each Ethernet interface has a unique address; using them is widely regarded as a privacy violation.

[ATsch]

That can be solved, but more importantly, Ethernet can not scale beyond 10k or so nodes because the addresses are meaningless and there's no way to tell what the next hop for an address you've never seen before should be beyond just sending it everywhere and hoping for the best. There's also no way to prevent spoofing, which would be a huge nuisance.

[rasz]

>you'll be able to start a download at home, hop on your bike, ride to the office, and finish your download without the connection dropping once.

you could do this for over 20 years as long as server supports HTTP/1.1 https://en.wikipedia.org/wiki/Byte_serving

[ATsch]

The connection does drop though. Range requests just allow you to resume it.

[gopalv]

> This means we can not ever keep a connection alive when moving from one network and hence IP address into another.

One of the things I was looking forward to from IPv6 was the mobility of IPs [1].

[1] - https://en.wikipedia.org/wiki/Mobile_IP#Changes_in_IPv6_for_...

[ATsch]

I think the idea of mobile IP is fundamentally flawed and I'm not surprised it didn't catch on. The whole point of IP addresses is to be a hierarchical address describing a location in the network. Once you can move IPs, they become completely meaningless. Mobile IP proposals just hack around this by running everything through a glorified VPN.

[underdeserver]

How would the server know that the destination IP changed?

[BenjiWiebe]

When the acknowledgement packet suddenly comes from a new IP address, referencing an existing connection ID.

[mcguire]

There's security implications...

[Matthias247]

Those are addressed by the QUIC specification, by having lots of encryption. The whole content of QUIC packets is encrypted. You can't really do a lot with connection IDs. And for most of the packets you can't even observe the full connection ID, since an abbreviated version is sent.

Acknowledgements are encrypted.

[labawi]

Can the transport path be hijacked from a single captured packet? As in capture a single packet, scribble an address and the connection now goes via Pentagon or China.

I know it's possible for wireguard, maybe mosh.

[salmaanp]

this sounds similar to SSL resumption

[m_eiman]

There’s also Multipath TCP that intends to solve that problem.

[ATsch]

Multipath is different in purpose though, although it does also break up the tuple. It's designed to allow load balancing across multiple addresses/interfaces. You need to explicitly tell the other side "I am also available under the following address". There is definitely some overlap and there are proposals for multipath QUIC which gives you both.

[dehrmann]

SCTP gets closer to it with multi-homing.

[ATsch]

Still incredibly disappointed this didn't catch on widely before NAT prevented any new protocols. There'd be so many problems we wouldn't have today.

[dehrmann]

I tend to say the OSI model got it wrong because TCP should live on top of TCP and use its mechanism for ports. That also would have made it easier to launch new protocols with connection and reliability semantics.

[move-on-by]

I'm certainly no network engineer, but my understanding is that HTTP/3 really shines in poor networking conditions. HTTP/2 was a massive improvement on HTTP/1.2 that had some really impressive stats to back it up. HTTP/3 isn't going to have that. Being on-par with HTTP/2 in excellent conditions is expected. The little game animation backs that up - if all the data arrives in both HTTP/2 & HTTP/3 then its a wash. I'm certainly not aware of any HTTP/3 browser implementations on mobile. I believe that is when you'll see the improvements. Although, I've also read that without kernel and NIC-level support for HTTP/3, its supposed to be a large CPU and battery drain. So it might be awhile before the real benefits of HTTP/3 are fully realized. Regardless, its fascinating to watch.

[sebazzz]

> I'm certainly no network engineer, but my understanding is that HTTP/3 really shines in poor networking conditions.

Doesn't that mean we need to rethink TCP instead of pulling all these transfer concerns to the application layer?

[georgyo]

The application layer is the only place these changes can go anymore. IPv6 is a good example that protocol layer changes are really slow to roll out.

You may also be interested in SCTP, which is awesome on paper and works well across the internet. But since most firewalls only understand TCP, UDP, and ICMP other protocols get auto dropped.

SCTP could have been amazing. https://en.m.wikipedia.org/wiki/Stream_Control_Transmission_...

[cb22]

> SCTP could have been amazing

It still is, it's part of the WebRTC spec, and when you use a WebRTC data channel, you're using SCTP over DTLS over UDP! (or TCP, possibly with a TURN relay, which may end up tunneling the whole thing over TLS over TCP :))

There are a lot of acronyms in WebRTC, thankfully there's https://webrtcglossary.com

[ignoramous]

> ...when you use a WebRTC data channel, you're using SCTP over DTLS over UDP!

https://orchid.com VPN does tunnel the traffic over webrtc.

Ref: https://news.ycombinator.com/item?id=21952887

[ajrw]

Wow, I knew it was using SCTP but I didn't know that was inside the DTLS channel. That seems like a lot of overhead.

[SmooL]

In theory, yes. In practice, TCP has "ossified". That is to say; all the routers and networking equipment, around the world, would have to be upgraded to support changes to TCP, which in practice will never happen. Look at IPv6 adaption rates as an example.

[adequateness]

HTTP/3 is using QUIC which is UDP based.

[jeltz]

Yes, but that is essentially what QUIC is, a new transport layer protocol andHTTP/3 is then ran over QUIC. QUIC is right now implemented in user space but nothing prevents it from being implemented in the kernel.

[afiori]

That is for sure true, TCP is also know for having lots of weird and quirky implementations in the wild.

On the other hand, there will never be a time when TCP could possibly be "update", it is too entrenched and fossilized.

[toast0]

You can't get promoted at Google by making TCP on Android better, but you can for releasing HTTP over TCP over UDP.

[jeltz]

Maybe not but IETF took over the development from Google and now Quic is a generic and widely useful transport protocol. What is needed is kernel support and hardware accelerators.

[IB885588]

Indeed, the part that they illustrated with Pong does show that in environments where you lose packets or have to reconnect there should be a more noticeable advantage.

[yencabulator]

> I'm certainly not aware of any HTTP/3 browser implementations on mobile.

Chrome is happily using QUIC, also on Android. And for non-browser apps, every Android app that links against the recommended network client library will do QUIC transparently.

https://developer.android.com/guide/topics/connectivity/cron...

[PudgePacket]

Based on Google's earlier testing HTTP/3 excels in poor-performing networks where dropped packets are more likely or more costly. Cloudflare's blog didn't mention this point at all.

> On a well-optimized site like Google Search, connections are often pre-established, so QUIC’s faster connections can only speed up some requests—but QUIC still improves mean page load time by 8% globally, and up to 13% in regions where latency is higher.

https://cloudplatform.googleblog.com/2018/06/Introducing-QUI...

Another summary: https://kinsta.com/blog/http3/

Older Cloudflare blog: https://blog.cloudflare.com/http3-the-past-present-and-futur...

[userbinator]

I think they should also have 1.1 in the benchmark results, because it's still very much in widespread use.

Personally, whenever I've experienced "this site is slow", it's either because the server is really congested or there's something else taking the time (like copious amounts of JS executing on the client); both cases in which the tiny improvements (if any) of a protocol version would have zero effect.

When you consider that there's an additional huge chunk of complexity (= bugs) added by these new protocols, for small or even negative performance improvement, it really seems like there is no value being added --- it's more of a burden on everyone except those working on it.

[kortex]

Not a network engineer, but I expect TCP and UDP traffic are currently shaped differently by ISPs, possibly with preference to TCP. If your connection is solid, there isn't a huge benefit to QUIC, so you may end up seeing a slight degradation.

Syncthing uses a bunch of protocols by default to find clients, including TCP, QUIC and a few others. If you want to have some insight into how your network behaves with these protocols head-to-head, spin up syncthing and wireshark.

[vbezhenar]

That's definitely not the case with my ISP. I'm routinely using IPsec VPN which uses UDP packets and the only (barely) noticeable difference is +100ms latency. Actually I'm often getting better Internet experience with VPN, presumably because of different routes to VPN server and target website.

[taf2]

This is assuming best case e.g. no issues in the tcp connection with HTTP/2

> With HTTP/2, any interruption (packet loss) in the TCP connection blocks all streams (Head of line blocking). Because HTTP/3 is UDP-based, if a packet gets dropped that only interrupts that one stream, not all of them.

So while HTTP/3 on a perfect network might be a 1 - 4% slower it's more stable/reliable in that any packet loss won't cause a dramatic drop off in performance... so 1-4% in best case network conditions but in real world network conditions http/3 should~ be much better...

[elithrar]

> As a developer of web apps, I will personally continue to not think that much about HTTP/3. Perhaps in the future network/systems engineers will have figured out how to make it bear fruit? I don't know, but it seems to me of unclear wisdom to count on it.

Congestion control algorithm - and congestion window sizing/tuning - plays a not-insignificant role in throughput, especially when comparing a 15KiB object vs. a 1MiB object. It's often _more_ outsized for those "medium sized" objects, as too small a window won't scale up by the time the transfer completes in some cases.

In other words: this is a good post, but the caveats around congestion control algorithm are a little understated w.r.t. the benchmarks.

[jrochkind1]

Their own conclusion seems odd to me:

> Overall, we’re very excited to be allowed to help push this standard forward. Our implementation is holding up well, offering better performance in some cases and at worst similar to HTTP/2. As the standard finalizes, we’re looking forward to seeing browsers add support for HTTP/3 in mainstream versions.

I feel like the conclusion should be "Hypothetical advantages of HTTP/3 still not realized," but they are "We're excited to be working on this", with no mention of... why. Like, why isn't HTTP/3 resulting in expected advantages; what might be changed to change this; what are you going to do to try to realize actual advantages to 'push the standard forward'? It seems like a standard for the sake of saying you have done something and have a standard, if there aren't any realized advantages, no?

[eastdakota]

Because Quiche, our HTTP/3 library, only supports CUBIC for congestion control, not more modern algorithms like BBR. Even without modern congestion control, HTTP/3 performs close to as fast as HTTP/2. We expect it’s performance will improve significantly when we implement BBR and other enhancements already in more mature protocols.

[moderation]

It looks like CUBIC was only just added today - https://github.com/cloudflare/quiche/commit/f8bfb919ec17ef32...