07/08/2022 | Press release | Distributed by Public on 07/08/2022 06:48
2022-07-08 | 15 min read
The foundation of the internet is the HTTP protocol. The Hypertext Transfer Protocol (HTTP) functions as an application layer to simplify data transfer, resource retrieval, RESTful exchanges, and browser-to-server communication. To authenticate the communicating endpoints and to secure the application data that is passed over the internet, authentication and encryption is mandatory. Hence, HTTPS became the de-facto standard for HTTP communications. The most recent version of the HTTP protocol, HTTP/3, is built on top of HTTP/2. By enhancing user experience, reducing the effects of packet loss without head-of-line blocking, accelerating (HTTPS) handshake process, and enabling encryption by default, HTTP/3 is intended to alleviate some of the performance difficulties inherent with HTTP/2.
QUIC is one of the primary distinctions in HTTP/3. Quick UDP Internet Connections (QUIC), proposed by Google and finally adopted by the IETF as RFC 9000, after various draft versions, serves as the foundation of HTTP/3. According to Cloudflare, QUIC implementation establishes encrypted connections at the transport layer, condensing handshakes into a single step and encrypting the information that is passed between connections.
HTTPS stack: Old vs new
With the various draft versions, HTTP/3 popularity has been slowly increasing, and the most recent data indicates that HTTP/3 is used by around 25.1 percent of all websites (source: https://w3techs.com/technologies/details/ce-http3). As IETF publishes HTTP/3 as RFC (RFC 9114) on June 6, 2022, we can very well assume that it's adoptability will increase over the next few years. With around 80 percent of the network traffic using HTTP (HTTP, HTTPS, HTTP/2 combined), which obviously uses TCP, HTTP/3, natively built on top of UDP, is a major paradigm shift that existing networks, devices, and endpoints need to adopt.
As QUIC and therefore HTTP/3 is based on UDP, there will be a widespread impact on infrastructure and architecture. Most security systems are unfamiliar with scrutinizing the content sent on top of UDP. The following summarizes the top challenges for HTTP/3 adoption:
Now that we have a good understanding of how HTTP/3 operates and what its effects are across the network, let us concentrate on validating our network with HTTP/3 traffic. Below are some of the Key Performance Indicators (KPIs):
HTTP/3 opens different scenarios for testing the traffic initiator, responder, and the devices in between, including various devices and middle boxes. Let's do a high-level overview of the various topologies.
In this topology, we have a DUT between the HTTP/3 client and server (HTTP/3 client, server can be emulated by IxLoad). The DUT is HTTP/3 aware. It can intercept the HTTP/3 traffic.
Test traffic originating from an HTTP/3 client passes through an Application Delivery controller (ADC)/ SLB, NGFW, IDS/IPS, proxies and network monitoring devices, and goes to the HTTP/3 server. IxLoad can simulate both the HTTP/3 client and the HTTP/3 server.
This test can determine the following:
In this topology, we have a DUT between the HTTP/3 client and HTTP/1.x or HTTP/2 server (HTTP client, server can be emulated by IxLoad).
Similar to Topology 1, except that the responder supports HTTP/1.x and/or HTTP/2. The DUT establishes the TCP connection with the responder and sends the HTTP/3 payload over HTTP/1.x or HTTP/2. Additionally, the DUT may choose to send the payload as clear text or encrypted. The response path follows the reverse pattern.
The metrics of the test remains the same as mentioned earlier.
Topology 3: Stream-based Load Balancing
In this topology, the DUT between the HTTP/3 client and HTTP/1.x or HTTP/2 server (HTTP client, server can be emulated by IxLoad) can do stream-based load balancing.
The Load Balancer in between the client and server, may do a stream-based load balancing instead of connection-based. In which case, the Load Balancer sends specific streams to specific servers at the backend. Thus, connections behind the Load Balancer may be over HTTP/1 to facilitate the parallel processing of the requests. The individual responses are collated by the Load Balancer and sent over to the client over HTTP/3.
This test can determine the following:
The simplest topology in which the HTTP/3 client/server is tested with the other end is mimicked by using IxLoad HTTP/3.
Test traffic originating from an HTTP/3 client hits an HTTP/3 server. This scenario would be useful to benchmark the performance of HTTP/3 servers before making them available into production.
Keysight's IxLoad provides a comprehensive solution to test HTTP/3, with IxLoad client and IxLoad server, for both functional and performance testing. IxLoad supports fully stateful HTTP/3 traffic.
In IxLoad, HTTP/3 client and server is implemented as a new plugin with GET, PUT, and POST commands along with generic commands like Loop. It can co-exist with other apps like HTTP 1.x/ 2.0, enabling end users to generate a mix of TCP and UDP traffic from the same test port. IxLoad HTTP/3 implementation can be used for both one-arm (simulating either the HTTP/3 client or the HTTP/3 server with IxLoad) or two-arm testing (IxLoad HTTP/3 client and server are the test endpoints).
We will demonstrate a sample configuration where IxLoad can be used for benchmarking CPS (connections per second) performance for an NGFW device as described in Topology 1 earlier.
Configure the IxLoad HTTP/3 server specific settings like Maximum number of configurable streams and web pages.
That completes our configuration!
IxLoad provides comprehensive set of statistics to help understand and interpret the result of the run, both for HTTP/3 and QUIC. The following are some of the important statistics:
All the preceding statistics are available in cumulative and rate-based view.
All these statistics are further supplemented by more granular and per user drill down views.
Performance, functionality, and QoE are all key components that need to be validated regardless of the embraced technology, selected network design, or even development phase. During a paradigm shift, getting all these components right is a real balancing act that you can master only through a systematic and robust test strategy and with a trusted partner. Your ability to validate with real-world traffic across the stack - spanning networking protocols, services, applications, and cybersecurity - offers a competitive advantage. That is true whether you are conducting proof of concepts, planning and design validation, or continuously testing into production.
Keysight's network, applications, and security test products ensure that your test results are meaningful and deliver the right insights.
Start testing your devices and networks with HTTP/3 traffic by using the IXLOAD - 9.22 release.
Learn more about how to use IxLoad in https://www.keysight.com/in/en/assets/7019-0052/application-notes/Application-Delivery.pdf.
For more information, visit our website https://www.keysight.com/in/en/products/network-test/protocol-load-test/ixload.html.
For more technical details on QUIC and HTTP/3 please visit our blogs on Road To QUIC and Looking Into QUIC Packets in your Network.