One document matched: draft-gettys-webmux-00.txt
INTERNET DRAFT Jim Gettys, Compaq Computer Corporation
draft-gettys-webmux-00.txt Henrik Frystyk Nielsen, W3C, M.I.T
Expires January 1, 1999 August 1, 1998
The WebMUX Protocol
Status of This Document
This document is an Internet-Draft. Internet-Drafts are working documents of te
Internet Engineering Task Force (IETF), its areas, and its working groups. Note
that other groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months and may be
updated, replaced, or obsoleted by other documents at any time. It is
inappropriate to use Internet-Drafts as reference material or to cite them other
than as "work in progress."
To view the entire list of current Internet-Drafts, please check the
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow Directories
on ftp.is.co.za (Africa), ftp.nordu.net (Northern Europe), ftp.nis.garr.it
(Southern Europe), munnari.oz.au (Pacific Rim), ftp.ietf.org (US East Coast), or
ftp.isi.edu (US West Coast).
This document describes an experimental design for a multiplexing transport,
intended for, but not restricted to use with the Web. WebMUX has been
implemented as part of the HTTP/NG project. Use of this protocol is EXPERIMENTAL
at this time and the protocol may change. In particular, transition strategies
to use of WebMUX have not been definitively worked out. You have been warned!
Distribution of this document is unlimited. Please send comments to the HTTP-NG
mailing list at <www-http-ng-comments@w3.org>. Discussions are archived at
"http://lists.w3.org/Archives/Public/www-http-ng-comments/".
Please read the "HTTP-NG Short- and Longterm Goals Document" [1] for a
discussion of goals and requirements of a potential new generation of the HTTP
protocol and how we intend to evaluate these goals.
General information about the Project as well as new draft revisions, related
discussions, and background information is linked from
"http://www.w3.org/Protocols/HTTP-NG/".
Note: Since internet drafts are subject to frequent change, you are advised to
reference the Internet Draft directory. This work is part of the W3C HTTP/NG
Activity (for current status, see http://www.w3.org/Protocols/HTTP-NG/Activity).
Abstract
This document defines the experimental multiplexing protocol referred to as
"WebMUX". WebMUX is a session management protocol separating the underlying
transport from the upper level application protocols. It provides a lightweight
communication channel to the application layer by multiplexing data streams on
top of a reliable stream oriented transport. By supporting coexistence of
multiple application level protocols (e.g. HTTP and HTTP/NG), WebMUX should ease
transitions to future Web protocols, and communications of client applets using
private protocols with servers over the same TCP connection as the HTTP
conversation.
WebMUX is intended for, but by no means restricted to, transport of Web related
protocols; the name has been chosen to reduce confusion with other existing
multiplexing protocols.
This document is part of a suite of documents describing the HTTP-NG design and
prototype implementation:
* HTTP-NG Short- and Longterm Goals, ID
* HTTP-NG Architectural Model, ID
* HTTP-NG Wire Protocol, ID
* The Classic Web Interfaces in HTTP-NG, ID
* Description of the HTTP-NG Testbed, ID
Changes from Previous Version
* Changed name from SMUX to WebMUX to reduce confusion with SNMP related
protocol.
* Split protocol ID address space to allow an address space for servers to
use to identify protocols outside of the control of this document.
* Elaborated endpoint usage.
* Prepared to meet IETF ID standards.
* Added acknowlegements section.
* Some reorganization of the document
------------------------------------------------------
Contents
1. The WebMUX Protocol
2. Status of This Document
3. Abstract
1. Changes from Previous Version
4. Contents
5. Introduction
1. Goals
6. WebMUX Protocol Operation
1. Key Words
2. Deadlock Schenario
3. Deadlock Avoidance
4. Operation and Implementation Considerations
5. WebMUX Header
6. Alignment
7. Long Fragments
8. Atoms
9. Protocol ID's
10. Session ID Allocation
11. Session Establishment
12. Graceful Release
13. Disgraceful Release
14. Message Boundaries
15. Flow Control
16. End Points
17. Control Messages
7. Security Considerations
8. Remaining Issues for Discussion
9. Comparison with SCP (TMP)
10. Closed Issues from Discussion and Email
11. Acknowlegments
12. References
13. Author's Addresses
------------------------------------------------------
Introduction
The Internet is suffering from the effects of the HTTP/1.0 protocol, which was
designed without understanding of the underlying TCP [1] transport protocol.
HTTP/1.0 opens a TCP connection for each URI [28] retrieved (at a cost of both
packets and round trip times (RTTs)), and then closes the TCP connection. For
small HTTP requests, these TCP connections have poor performance due to TCP slow
start [9] [10] as well as the round trips required to open and close each TCP
connection.
There are (at least) three reasons why multiple simultaneous TCP connections
have come into widespread use on the Internet despite the apparent
inefficiencies:
1. A client using multiple TCP connections gains a significant advantage in
perceived performance by the end-user, as it allows for early retrieval of
metadata (e.g. size) of embedded objects in a page. This allows a client
to format a page sooner without suffering annoying reformatting of the
page. Clients which open multiple TCP connections in parallel to the same
server, however could cause self congestion on heavily congested links,
since packets generated by TCP opens and closes are not themselves
congestion controlled.
2. The additional TCP opens cause performance problems in the network, but a
client that opens multiple TCP connections simultaneously to the same
server may also receive an "unfair" bandwidth advantage in the network
relative to clients that use a single TCP connection. This problem is not
solvable at the application level; only the network itself can enforce
such "fairness".
3. To keep low bandwidth/high latency links busy (e.g. dialup lines), more
than one TCP connection has been necessary since slow start may cause the
line to be partially idle.
The "Keep-Alive" extension to HTTP/1.0 is a form of persistent TCP connections
but does not work through HTTP/1.0 proxies and does not take pipelining of
requests into account. Instead a revised version of persistent TCP connections
was introduced in HTTP/1.1 as the default mode of operation.
HTTP/1.1 [6] persistent connections and pipelining [11] will reduce network
traffic and the amount of TCP overhead caused by opening and closing TCP
connections. However, the serialized behavior of HTTP/1.1 pipelining does not
adequately support simultaneous rendering of inlined objects - part of most Web
pages today; nor does it provide suitable fairness between protocol flows, or
allow for graceful abortion of HTTP transactions without closing the TCP
connection (quite common in HTTP operation).
Persistent connections and pipelining, however, do not fully address the
rendering nor the fairness problems described above. A "hack" solution is
possible using HTTP range requests; however, this approach does not, for
example, allow a server to send just the metadata contained in embedded object
before sending the object itself, nor does it solve the TCP connection abort
problem.
Current TCP implementations do not share congestion information across multiple
simultaneous TCP connections between two peers, which increases the overhead of
opening new TCP connections. We expect that Transactional TCP [5] and sharing of
congestion information in TCP control blocks [8] will improve TCP performance by
using less RTTs and better congestion behavior, making it more suitable for HTTP
transactions.
The solution to these problems requires two actions; either by itself will not
entirely discourage opening multiple TCP connections to the same server from a
client.
* Internet service providers should enable the Random Early Detection (RED)
[12] or other active congestion control algorithms in their routers to
ensure bandwidth fairness to clients when the network is congested. RED
also addresses queue length problems observed in routers today.
* Development and deployment of a multiplexing protocol for use with HTTP
(and eventually other protocols), so that multiple objects from a web
server can be fetched approximately simultaneously over a single TCP
connection, so that the metadata to objects can be sent to clients without
other metadata waiting for the rest of the first object requested.
This document describes such an experimental multiplexing protocol. It is
designed to multiplex a TCPconnection underneath HTTP so that HTTP itself does
not have to change, and allow coexistence of multiple protocols (e.g. HTTP and
HTTP/NG), which will ease transitions to future Web protocols, and
communications of client applets using private protocols with servers over the
same TCP connection as the HTTP conversation.
Ideas from this design come from Simon Spero's SCP [15] [16] description and
from experience from the X Window System's protocol design [13].
Goals
We believe WebMUX meets the following goals we believe necessary for the use of
a multiplexing protocol for the Web:
* Unconfirmed service without negotiation or round trips to the server
* simple design
* high performance
* deadlock-free, by a credit based flow control scheme.
* allow multiple protocols to be multiplexed over same TCP connection
* allow connections to be established in either direction (enabling
callbacks to the session initiator).
* ability to build a full function socket interface above this protocol.
* low overhead
* preserves alignment in the data stream, so that it is easy to use with
protocols that marshal their data in a binary form.
------------------------------------------------------
WebMUX Protocol Operation
Key Words
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
"SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be
interpreted as described in RFC 2119 [7].
Deadlock Scenario
Multiplexing multiple sessions over a single transport TCP connection introduces
a potential deadlock that WebMUX is designed to avoid.
Here is an example of potential deadlock:
* Presume that each session is being handled by an independent thread and
that memory available to the WebMUX implementation is limited (for
example, on a thin client on a meter reader).
* For the purposes of this example, presume the thin client has 50K bytes of
buffer available to its WebMUX implementation, and cannot get more.
* The sender of data decides to send, as part of a session request (SYN
message), 100K bytes of initial data. There are no other senders, so all
of the data gets transmitted. But the thread to deal with the message is
blocked, and cannot make progress.
* Unless WebMUX can buffer all 100K (or 1 meg, or pick your favorite
numbers), any other session's data would be blocked behind this initial
transmission until and unless WebMUX can read and buffer the data
someplace (and since it has no buffer available, the deadlock occurs).
Many similar (but possibly harder to explain) deadlocks are possible.
This example points out that deadlock is possible: WebMUX must be able to buffer
data independently of the consumers of the data. It must also have some way to
throttle sessions where the consumer of the data is not responsive in the
multiplexing layer (in this example, prevent the transmission of more than 50
Kbytes of data). Note that this deadlock is independent of the size of any
multiplexing fragment, but strictly dependent on availability of buffer space in
WebMUX for a particular session.
Deadlock Avoidance
In WebMUX, the receiver makes a promise (sends a credit) to the transmitter that
a certain amount of buffer space is available (or at least that it will consume
the bytes, if not buffer them, e.g. a real time audio protocol where the data is
disposed of), and the transmitter promises not to send more data than the
receiver has promised (no more than the credit). If these promises are met, then
WebMUX will not deadlock. The AddCredit control message is used to add a credit
to a session.
A WebMUX implementation MUST maintain and adhere to the credit system or it can
deadlock. Implementations on systems with large amounts of memory (e.g. VM
systems) may be quite different than ones on thin clients with limited,
non-virtual memory. It is reasonable on a VM system to hand out credits freely
(analogous to the virtual socket buffering found in TCP implementations); but
your implementation must be careful to test its credit mechanisms so that they
will inter operate with limited memory systems. Credit control messages MAY be
sent on sessions that are not active.
Sessions have an initial credit size (initial_default_credit) of 16 KB on each
session; the SetDefaultCredit control message can set this initial credit to
something larger than the default.
Operation and Implementation Considerations
A transmitter MUST NOT transmit more data in a fragment than the available
credit on the session (or it could deadlock).
An WebMUX implementation MUST fragment streams when transmitting them into
fragments. The fragment size can be controlled using the SetMSS control message.
The max_fragment_size, a variable which is maintained on (currently) a per
transport TCP connection basis, determines the largest possible fragment a
sender should ever send to a receiver. This determines the maximum latency
introduced by a WebMUX layer above and beyond the inherent TCP latencies (socket
buffering on both sender and receiver and the delay-bandwidth product amount of
data that could be in flight at any given instant). A client on a low bandwidth
link, or with limited memory buffering might decide to set the
max_fragment_size down to control latency and buffer space required.
If max_fragment_size is set to zero, the transmitter is left to determine the
fragment size and MAY take into account application protocol knowledge (e.g. a
WebMUX implementation for HTTP might send fragments of the metadata of embedded
objects, or the next phase of a progressive image format, which it only knows).
An implementation SHOULD honor the max_fragment_size as it transmits data, if it
has been set by the receiver.
An WebMUX implementation that does not have explicit knowledge or experience of
good fragment sizes might use these guidelines as a starting point:
* The path_MTU of the TCP connection, minus the size of the TCP and IP
headers (remember that IPV6 may have longer headers!) and 8 bytes for an
WebMUX header, if this information is available [3].
* The MSS of the TCP connection, if the path_MTU is not available
* In either case, you probably want to subtract 8 bytes to make sure a
WebWebMUX header can be added without forcing another TCP segment.
This would result in fragmentation roughly similar to TCP segmentation over
multiple TCP connections.
An implementation should round robin between sessions with data to send in some
fashion to avoid starving sessions, or allowing a single thread to monopolize
the TCP connection. Exact details of such behavior is left to the
implementation. To achieve highest bandwidth and lowest overhead WebMUX
behavior, credits should be handed out in reasonably large chunks. TCP
implementations typically send an ack message on every other packet, and it is
very hard to arrange to piggyback acks on data segments in implementations.
Therefore, for WebMUX to have reasonably low overhead credits should be handed
out in some significant multiple (4 or more times larger) than the ~3000 bytes
represented by two packets on an ethernet. The outstanding credit balance across
active sessions will also have to be larger than the bandwidth/delay product of
the TCP connection if WebMUX is not to become a limit on TCP transport
performance.
Both of these arguments indicate that outstanding credits in many
implementations should be 10K bytes or more. Implementations SHOULD piggyback
credit messages on data packets where possible, to avoid unneeded packets on the
wire. A careful implementation in which both ends of the TCP connection are
regularly sending some payload should be able to avoid sending extra packets on
the network.
If necessary, we could add in a future version fragmentation control messages to
do some bandwidth allocation, but for now, we are not bothering.
WebMUX Header
WebMUX headers are always in big endian byte order.
If people want, we could expand out the union below on a control message type
basis (e.g. the way the C bindings to X events were written out...). For this
draft, I'm not doing so.
#define MUX_CONTROL 0x00800000
#define MUX_SYN 0x00400000
#define MUX_FIN 0x00200000
#define MUX_RST 0x00100000
#define MUX_PUSH 0x00080000
#define MUX_SESSION 0xFF000000
#define MUX_LONG_LENGTH 0xFF040000
#define MUX_LENGTH 0x0003FFFF
typedef unsigned int flagbit;
struct w3mux_hdr {
union {
struct {
unsigned int session_id : 8;
flagbit control : 1;
flagbit syn : 1;
flagbit fin : 1;
flagbit rst : 1;
flagbit push : 1;
flagbit long_length : 1;
unsigned int fragment_size : 18;
int long_fragment_size : 32;
/* only present if long_length is set */
} data_hdr;
struct {
unsigned int session_id : 8;
flagbit control : 1;
unsigned int control_code : 4;
flagbit long_length : 1;
unsigned int fragment_size : 18;
int long_fragment_size : 32;
/* only present if long_length is set */
} control_message;
} contents;
};
The fragment_size is always the size in bytes of the fragment, excluding the
WebMUX header and any padding.
Alignment
WebMUX headers are always (at least) 32 bit aligned. To find the next WebMUX
header, take the fragment_size, and round up to the next 32 bit boundary.
Transmitters MAY insert NoOp control messages to force 64 bit alignment of the
protocol stream.
Long Fragments
A WebMUX header with the long_length bit set must use the 32 bits following the
WebMUX header (the long_fragment_size field) for the value of the fragment_size
field, for whatever purpose the fragment_size field is being used for.
Atoms
Atoms are integers that are used as short-hand names for strings, which are
defined using the InternAtom control message. Atoms are only used as protocol
ID's in this version of WebMUX, though they might be used for other purposes in
future versions. Since the atom might be redefined at any time, it is not safe
to use an atom unless you have defined it (i.e. you cannot use atoms defined by
the other end of a mux connection). Atoms are therefore not unique values, and
only make sense in the context of a particular direction of a particular mux
connection. This restriction is to avoid having to define some protocol for
deallocating atoms, with any round trip overhead that would likely imply.
Strings are defined to be UTF-8 encoded UNICODE strings. (Note that an ascii
string is valid UTF-8). The definition of structure of these strings is outside
of the scope of this document, though we expect they will often be URI's, naming
a protocol or stack of protocols. Atoms always have values between 0x20000 and
0x200ff (a maximum of 256 atoms can be defined).
Strings used for protocol id's MUST be URIs [28].
Protocol ID's
The protocol used by a session is identified by a Protocol ID, which can either
be an IANA port number, or an atom.
1. To allow higher layers to stack protocols (e.g. HTTP on top of deflate
compression, on top of TCP).
2. To identify the protocol or protocol stack in use so that application
firewall relays can perform sanity checking and policy enforcement on the
multiplexed protocols .
Firewall proxies can presume that the bytes should conform to that protocol
identified by the Protocol ID.
* 0-0xFFFF: IANA-registered TCP protocols [17]
* 0x10000-0x1FFFF: IANA-registered UDP protocols [17]
* 0x20000-0x2FFFF: per-underlying-connection-defined MUX atoms.
The scheme name of the URI indicates the protocol family being used (e.g.
http, ftp, etc.).
* 0x30000-0x3FFFF: server-assigned protocol IDs
The assignment of these ID's are outside the scope of this protocol, and
may pose additional security hazards.
Session ID Allocation
Each session is allocated a session identifier. Session Identifiers below 0 and
1 are reserved for future use. Session IDs allocated by initiator of the
transport TCP connection are even; those allocated by the receiver of the
transport connection odd. Proxies that do not understand messages of reserved
Session ID's should forward them unchanged. A session identifier MUST only be
deallocated and potentially reused by new sessions when a session is fully
closed in both directions.
Session Establishment
To establish a new session, the initiating end sends a SYN message, allocating a
free session number out of its address space. A session is established by
setting the SYN bit in the first message sent on that session. The session is
specified by the session_id field. The fragment_size field is interpreted as the
protocol ID of the session, as discussed above.
The receiver MUST either open the reverse path of that session (send a SYN
message), or it MUST send a FIN message to indicate that the reverse path is not
going to be used further, or send a RST message to indicate an error. This
enables the initiator of a session to know when it is safe to reuse that session
ID.
Graceful Release
A session is ended by sending a fragment with the FIN bit set. Each end of a
WebMUX connection may be closed independently.
WebMUX uses a half-close mechanism like TCP[1] to close data flowing in each
direction in a session. After sending a FIN fragment, the sender MUST NOT send
any more payload in that direction.
Disgraceful Release
A session may be terminated by sending a message with the RST bit set. All
pending data for that session should be discarded. "No such protocol" errors
detected by the receiver of a new session are signaled to the originator on
session creation by sending a message with the RST bit set. (Same as in TCP).
The payload of the fragment containing the RST bit contains the null terminated
string containing the URI of an error message (note that content negotiation
makes this message potentially multi-lingual), followed by a null terminated
UTF-8 string containing the reason for the reset (in case the URI is not
accessable).
Message Boundaries
A message boundary is marked by sending a message with the PUSH bit set. The
boundary is set between the last octet in this message, including that octet,
and the first byte of a subsequent message. This differs slightly from TCP, as
PUSH can be reliably used as a record mark.
Flow Control
Flow control is determined by a simple credit scheme described above by using
the AddCredit control message defined below. Fragments transmitted MUST never
exceed the outstanding credit for that session. The initial outstanding credit
for a session is 16Kbytes.
End Points
One of the major design goals of WebMUX is to allow callbacks to objects in the
process that initiated the transport TCP connection without requiring additional
TCP connections (with the overhead in both machine resources and time that this
would cause, or the problems with TCP connection establishment through
firewalls).
The DefineEndpoint control message allows one to advertize that a particular
(set of) URI's are reachable over the transport TCP connection.
A MUX protocol ID only identifies a MUX channel relative to a particular
"endpoint". The pair of <endpoint><protocol ID> completely identify a MUX
channel, without regard to IP address, TCP port, or other information. Endpoint
IDs are URI names for endpoints. Any endpoint may have multiple endpoint IDs. We
do not place any further restrictions on the types of URIs that are used as
endpoint IDs.
A client connecting from a MUX endpoint A to a MUX channel on a different
endpoint B may send an ID for A to B via the DefineEndpoint control message. If
a client in endpoint B then needs to connect to a MUX channel in endpoint A, it
may do so by using the existing lower-level byte stream originated from endpoint
A. A connection initiator may send multiple DefineEndpoint control messages with
different endpoint IDs for the same endpoint.
Connection initiators may wish to control the disclosure of endpoint
information, both for security purposes and for optimal application timing, and
should be given reasonable
Whether this relative URI naming can be used depends upon the scheme of the URI
[20], which defines its structure. For example, a firewall proxy might advertize
just "http:" for the proxy, claiming it can be used to contact any HTTP protocol
object anywhere, or "http://foo.com/bar/" to indicate that any object below that
point in the URI space on the server foo.com may be reached by this TCP
connection. A client might advertize that "http://myhost.com/" is available via
this transport TCP connection.
Control Messages
The control bit of the WebMUX header is always set in a control message. Control
messages can be sent on any session, even sessions that are not (yet) open. The
control_code reuses the SYN, FIN, RST, and PUSH bits of the WebMUX header. The
control_code of the control message determines the control message type. Any
unused data in a control message must be ignored.
The revised version of WebMUX means that a session creation costs 4 bytes (a
control message with SYN set, and with the protocol ID in the message).
Therefore the first fragment of payload has a total overhead of 8 bytes. (This
is presuming using an IANA based protocol, rather than a named protocol). This
is the same as the previous version, though it means two messages rather than
one.
The individual control message types are listed below (code Name direction;
description):
0 InternAtom Both
The session_id is used as the Atom to be defined (offset by 0x2000), so a
value of 0 is defining ID 0x2000). The fragment_size field is the length
of the UTF-8 encoded string. The fragment itself contains the string to be
interned. This allows the interning of 256 strings. (is this enough?).
1 DefineEndpoint Both
The session_id is ignored. The fragment_size is interpreted as the
protocol ID, naming an endpoint actually available on this transport TCP
connection. This enables a single transport TCP connection to be used for
callbacks, or to advertise that a protocol endpoint can be reached to the
process on the other end of the transport TCP connection.
2 SetMSS Both
This sets a limit on fragment sizes below the outstanding credit limit.
The session_id must be zero. The fragment_size field is used as
max_fragment_size (the largest fragment that be sent on any session on
this transport TCP connection.). A max_fragment_size of zero means there
is no limit on the fragment size allowed for this session.
3 AddCredit R->T
The session_id specifies the session. The fragment_size specifies the flow
control credit granted (to be added to the current outstanding credit
balance). A value of zero indicates no limit on how much data may be sent
on this session.
4 SetDefaultCredit R->T
The session_id must be zero. The fragment_size field is used as to set the
initial default credit limit for any incoming WebMUX connections over this
transport TCP connection. (i.e. it is short hand for sending a series of
AddCredit messages for each session ID).
5 NoOp Both
This control message is defined to perform no function. Any data in the
payload should be ignored.
6-15 - Undefined.
Reserved for future use. Must be ignored if not understood, and forwarded
by any proxies. The fragment_size is always used for the length of the
control message, and any data for the control message will be in the
payload of the control message (to allow proxies to be able to forward
future control messages).
------------------------------------------------------
Security Considerations
Advertizing endpoints inappropriately might allow a client to connect to
services that should be protected.
Using the protocol ID range 0x30000-0x3FFFF for server-assigned protocol IDs may
prevent a firewall proxy from having enough information to safely proxy
protocols of those types. Firewall proxy implementers should not blindly forward
protocols of this range.
Firewall proxies implementing WebMUX should enforce appropriate policies for
protocols being multiplexed over WebMUX, in a fashion similar to the policies
imposed for native protocols.
Clearly, any security consideration for a protocol is likely to still apply to
its use when being multiplexed via WebMUX.
------------------------------------------------------
Remaining Issues for Discussion
When can WebMUX be used???
* What are the appropriate strategies for determining if the WebMUX protocol
can be used?
* Name server hack?
* UPGRADE in HTTP?
* Remember that previous UPGRADE to use WebMUX worked?
* Should there be a more compact open message?
------------------------------------------------------
Comparison with SCP (TMP)
Note that TIP (Transaction Internet Protocol) [21] defines a version of SCP
called TMP .
Goals:
* Unconfirmed service without negotiation.
* SCP allows data to be sent with the session establishment; the recipient
does not confirm successful mux connection establishment, but may reject
unsuccessful attempts. This simplifies the design of the protocol, and
removes the latency required for a confirmed operation.
* simple design
* performance where critical
There are five issues that make SCP (TMP) inadequate for our use:
* SCP can deadlock, unless unlimited amounts of memory is available.
* it has no provision for multiplexing multiple protocols over the same
transport TCP connection, essential for graceful transition without
dependency on the currently incomplete NG design, and to allow other uses
which could use the same multiplexed connection (e.g. applet communication
with serverlets).
* SCP's 8 byte overhead is not reasonable most of the time. WebMUX uses four
bytes in the default case. The design below permits an 8 byte header if
you care to preserve 64 bit alignment at the cost of bytes. In practice,
there seems few data formats or architectures that actually require more
than 32 bit alignment.
* Without some form of flow control, infinite buffering in clients
(receivers) would be required.
* Alignment is preserved in the data stream. This allows compact, high speed
(un)marshalling code in implementations of binary protocols, without extra
data copies, which in such protocols can be significant overhead.
* SCP SYN in Version 2 requires a second message, which costs a round trip.
So far, WebMUX is similar to SCP. There are some important differences:
* deadlock-free (we believe), by a credit based flow control scheme.
* allow multiple protocols to be multiplexed over same TCP connection (not
available in SCP).
* lower overhead than SCP, while preserving data alignment (very important
for binary protocol marshaling code)
* ability to build a full function socket interface above this protocol.
* WebMUX avoids the SYN round trip of SCP V2 by session ID's being allocated
in independent address spaces. This also avoids many of the state
transitions of SCP, simplifying the protocol greatly.
* SCP has 224 sessions, which seems highly excessive, and reserves 1024 of
them for future use.
------------------------------------------------------
Closed Issues from Discussion and Mail
Some of the comments below allude to previous versions of the specification, and
may not make sense in the context of the current version. It will likely be
eliminated in future versions, but may answer some questions that arise when
reading this document.
Flow control: priority vs. credit schemes
Henrik and I have convinced ourselves there are fundamental differences between
a priority scheme and the credit scheme in this draft. They interact quite
differently with TCP, and priority schemes have no way to limit the total amount
of data being transmitted, though priority schemes are better matched to what
the Web wants. We've decided, at least for now, to defer any priority schemes to
higher level protocols.
Stacking Protocols and Transports (Stacks)
ILU [22] style protocol stacks are a GOOD THING. There have been too many
worries about the birthday problem for people to be comfortable with Bill
Janssen's hashing schemes (see Henrik Frystyk Nielsen and Robert Thau's mail on
this topic). We tried putting this directly in WebMUX in a previous version, and
experience shows that it didn't really help an implementer (in particular, Bill
Janssen while implementing ILU). This version has just the name of the protocol,
and it is left to others to implement any stacking (e.g. ILU).
We believe the name of the protocol is necessary, if WebMUX is ever to be used
with firewalls. Application level firewall relays need the protocol information
to sanity check the protocol being relayed. Application level relays are
considered much more secure than just punching holes in the firewall for
particular protocol families, which small organizations often find sufficient,
as the relay can sanity check the protocol stream and enable better policy
decisions (for example, to forbid certain datatypes in HTTP to transit a
firewall). Large organizations and large targets typically only run application
level proxies.
Byte Usage
Wasting bytes in general, and in particular at TCP connection establishment, for
a multiplexing transport must be avoided. There are several reasons for this:
* if the initial segment is too long, a network round trip will be lost to
TCP slow start, so bytes near the beginning of a conversation MAY BE much
more precious than bytes later in the conversation, once slow start
overhead has been paid. If the first segment is too long, you fall off a
cliff.
* Directly affects user perceived response; no cleverness of later packing
and batching of request can get the time back; each goes directly to
perceived latency when a user talks to the server for the first time.
So there is more than the usual tension between generality vs. performance.
Performance analysis
Human perception is about 30 milliseconds; if much more than this, the user
perceives delay. At 14.4 K baud, one byte uncompressed costs .55 milliseco nds
(ignoring modem latencies). On an airplane via telephone today, you get a
munificent 4800 baud, which is 3X slower. Cellular modems transmitting data
(CDPD), as I understand it, will give us around 20Kbaud, when deployed.
So basic multiplexing @ 4 byte overhead costs ~ 2 milliseconds on common modems.
This means basic overhead is small vs. human perception, for most low speed
situations, a good position to be in.
On WebMUX connection open, with above protocol we send 4 bytes in the setup
message, and then must open a session, requiring at least 8 bytes more. 12 bytes
== 7 milliseconds at 14.4K. Not 64 bit aligned, and 4 bytes costs of order 2
milliseconds. Ugh... Maybe a setup message isn't a good idea; other uses (e.g.
security) can be dealt with by a control message.
Multiple protocols over one WebMUX
We want to WebMUX multiple protocols simultaneously over the same transport TCP
connection, so we need to know what protocol is in use with each session, so the
demultipexor can hand the data to the right person. (e.g. SUNRPC and DCERCP
simultaneously).
There are two obvious ways I can see to do this:
a) Send a control message when a session is first used, indicating the
protocol.
Disadvantage: costs probably 8 bytes to do so (4 WebMUX overhead, and 4
byte message), and destroys potential 64 bit alignment.
b) If syn is set indicating new session, then steal mux_length field to
indicate protocol in use on that session.
(overhead; 4 bytes for the WebMUX header used just to establish the
session.)
Opinions? Mine is that b) is better than a. Answer: b) is the adopted strategy.
Priority...
For a given stream, priority will affect which session is handled when
multiplexing data; sending the priority on every block is unneeded, and would
waste bytes. There is one case in which priority might be useful: at an
intermediate proxy relaying sessions (and maybe remultiplexing them).
If so, it should be sent only when sessions are established or changed. Changes
can be handled by a control message. Opinions?
A priority field can be hacked into the length field with the protocol field
using b) above.
So the question is: is it important to send priority at all in this WebMUX
protocol? Or should priority control, if needed, be a control message? ;
(control message).
Answer: Not in this protocol. Opens Pandora's box with remultiplexors, which
could have denial of service attacks.
Setup message
Is any setup message needed? I don't think it is,. and initial bytes are
precious (see performance discussion above), and it complicates trivial use. If
we move the byte order flag to the WebMUX header, and use control messages if
other information needs to be sent, we can dispense with it, and the layer is
simpler. This is my current position, and unless someone objects with reasons,
I'll nuke it in the next version of this document.
Answer: Not needed. Nuked.
Byte order flags
While higher layer protocols using host dependent byte order can be a performan
ce win (when sending larger objects such as arrays of data), the overhead at
this layer isn't much, and may not be worth bothering with. Worst case (naive
code) would be four memory reads and 3 shift overhead/payload. Smart code is one
load and appropriate shifts etc.
Opinions? I'm still leaning toward swapping bytes here, but there are other
examples of byte load and shift (particularly slow on Alpha, but not much of an
issue on other systems).
Answer: Not sufficient performance gain at WebMUX level to be worth doing.
Defined as LE byte order for WebMUX headers.
Error handling
There are several error conditions, probably best reported via control messages
from server:
* No such protocol. Some sort of serial number should be reported, I
suppose; this serial number can be implicit as in X
* bad message.
* Some combinations of flag bits are not legal.
* Priority if it exists?
Any others? Any twists to worry about?
Answer: Only error that can occur is no such protocol, given no priority in the
base protocol. May still be some unresolved issues here around "Christma s Tree"
message (all bits turned on).
Length Field
Any reason to believe that the 32 bit length field for a single payload is
inadequate? I don't think so, and I live on an Alpha.
Answer: 32 bit extended length field for a single fragment is sufficient.
Compression
Does there need to be a bit saying the payload is compressed to avoid explosion
of protocol types?
Answer: Yes; introduction of control message to allow specification of transport
stacks achieves this.
Stacks
I think that we should be able to multiplex any TCP, UDP, or IP protocol.
Internet protocol numbers are 8 bit fields.
So we need 16 bits for TCP, one bit to distinguish TCP and UDP, and one bit more
we can use for IP protocol numbers and address space we can allocate privately.
This argues for an 18 bit length field to allow for this reuse. * 18 bit length
field * * 8 bit session field * * 4 control bits * * 1 long length bit *
The last bit is used to define control messages, which reuse the syn, fin, rst,
and push bits as a control_code to define the control message. There are
escapes, both by undefined control codes, and by the reservation of two sessions
for further use if there needs to be further extensions. The spec above reflects
this.
Alignment
Back to alignment. If we demand 4 byte alignment, for all requests that do not
end up naturally aligned, we waste bytes. Two bytes are wasted on average. At
14.4Kbaud the overhead for protocols that do not pad up would on mean be 6 bytes
or ~3ms, rather than 4 bytes or ~ 2 ms (presuming even distributions of length).
Note that this DOES NOT effect initial request latency (time to get first URL),
and is therefore less critical than elsewhere.
I have one related worry; it can sometimes be painful to get padding bytes at
the end of a buffer; I've heard of people losing by having data right up to the
end of a page, so implementations are living slightly dangerous ly if they
presume they can send the padding bytes by sending the 1, 2 or 3 bytes after the
buffer (rather than an independent write to the OS for padding bytes).
Alternatively, the buffer alignment requirement can be satisfied by
implementations remembering how many pad bytes have to be sent, and adjusting
the beginning address of the subsequent write by that many bytes before the
buffer where the WebMUX header has been put. Am I being unnecessarily paranoid?
Opinion: I believe alignment of fragments in general is a GOOD THING, and will
simplify both the WebMUX transport and protocols at higher levels if they can
make this presumption in their implementations. So I believe this overhead is
worth the cost; if you want to do better and save these bytes, then start
building an application specific compression scheme. If not, please make your
case.
Control bits
Are the four bits defined in Simon's flags field what we need? Are there any
others?
Answer: no. More bits than we need. Current protocol doesn't use as many. I've
ended back at the original bits specified, rather than the smaller set suggested
by Bill Janssen. This enables full emulation of all the details of a socket
interface, which would not otherwise be possible. See details around TCP and
socket handling, discussed in books like "TCP/IP Illustrated," by W. Richard
Stevens.
Am I all wet?
Opinion: I believe that we should do this.
Control Messages
Question: do we want/need a short control message? Right now, the out for
extensibility are control messages sent in the reserved (and as yet unspecified
) control session. This requires a minimum of 8 bytes on the wire. We could
steal the last available bit, and allow for a 4 byte short control message, that
would have 18 bits of payload.
Opinion: Flow control needs it; protocol/transport stacks need it. Document
above now defines some control messages.
Simplicity of default Behavior
The above specification allows for someone who just wants to WebMUX a single
protocol to entirely ignore protocol ID's.
------------------------------------------------------
Acknowledgements
Contributors include (at least): Bill Janssen, Mike Spreitzer, Robert Thau,
Larry Masinter, Paul Leach, Paul Bennett, Rich Salz, Simon Spero, Mark Handey,
Anselm Baird-Smith, and Wan-Teh Chang. Our apologies to anyone we've missed.
------------------------------------------------------
References
1. J.. Postel, "Transmission Control Protocol", RFC 793, Network Information
Center, SRI International, September 1981
2. J. Postel, "TCP and IP bake off", RFC 1025, September 1987
3. J. Mogul, S. Deering, "Path MTU Discovery", RFC 1191, DECWRL, Stanford
University, November 1990
4. T. Berners-Lee, "Universal Resource Identifiers in WWW. A Unifying Syntax
for the Expression of Names and Addresses of Objects on the Network as
used in the World-Wide Web", RFC 1630, CERN, June 1994.
5. R. Braden, "T/TCP -- TCP Extensions for Transactions: Functional
Specification", RFC 1644, USC/ISI, July 1994
4. R. Fielding, "Relative Uniform Resource Locators", RFC 1808, UC Irvine,
June 1995.
5. T. Berners-Lee, R. Fielding, H. Frystyk, "Hypertext Transfer Protocol --
HTTP/1.0", RFC 1945, W3C/MIT, UC Irvine, W3C/MIT, May 1996
6. R. Fielding, J. Gettys, J. C. Mogul, H. Frystyk, T. Berners-Lee,
"Hypertext Transfer Protocol -- HTTP/1.1", RFC 2068, U.C. Irvine, DEC
W3C/MIT, DEC, W3C/MIT, W3C/MIT, January 1997
7. S. Bradner, "Key words for use in RFCs to Indicate Requirement Levels",
RFC 2119, Harvard University, March 1997
8. J. Touch, "TCP Control Block Interdependence", RFC 2140, April 1997
9. W. Stevens, "TCP Slow Start, Congestion Avoidance, Fast Retransmit, and
Fast Recovery Algorithms", RFC 2001, January 1997
10. V. Jacobson, "Congestion Avoidance and Control", Proceedings of SIGCOMM
'88
11. H. Frystyk Nielsen, J. Gettys, A. Baird-Smith, E. Prud'hommeaux, H. W.
Lie, and C. Lilley, "Network Performance Effects of HTTP/1.1, CSS1, and
PNG", Proceedings of SIGCOMM '97
12. S. Floyd and V. Jacobson, "Random Early Detection Gateways for
Congestion Avoidance", IEEE/ACM Trans. on Networking, vol. 1, no. 4, Aug.
1993.
13. R.W.Scheifler, J. Gettys, "The X Window System" ACM Transactions on
Graphics # 63, Special Issue on User Interface Software, 5(2):79-109
(1986).
14. V. Paxson, "Growth Trends in Wide-Area TCP Connections" IEEE Network,
Vol. 8 No. 4, pp. 8-17, July 1994
15. S. Spero, "Session Control Protocol, Version 1.0"
16. S. Spero, " Session Control Protocol, Version 2.0"
17. Keywords and Port numbers are maintained by IANA in the port-numbers
registry.
18. Keywords and Protocol numbers are maintained by IANA in the
protocol-numbers registry.
19. W. Richard Stevens, "TCP/IP Illustrated, Volume 1", Addison-Wesley, 1994
20. Berners-Lee, T., Fielding, R., Masinter, L., "Uniform Resource
Identifiers (URI): Generic Syntax and Semantics," Work in Progress of the
IETF, November, 1997.
21. J. Lyon, K. Evans, J. Klein, "Transaction Internet Protocol Version
2.0," Work in Progress of the Transaction Internet Protocol Working Group,
November, 1997.
22. B. Janssen, M. Spreitzer, " Inter-Language Unification"; in particular
see the manual section on Protocols and Transports.
------------------------------------------------------
Authors' Addresses
* James Gettys
MIT Laboratory for Computer Science
545 Technology Square
Cambridge, MA 02139, USA
Fax: 1 (617) 258 8682
Email: jg@pa.dec.com
* Henrik Frystyk Nielsen
W3C/MIT Laboratory for Computer Science
545 Technology Square
Cambridge, MA 02139, USA
Fax: +1 (617) 258-8682
Email: frystyk@w3.org
------------------------------------------------------
@(#) $Id: WD-mux.html,v 1.4 1998/08/03 18:36:32 frystyk Exp $
| PAFTECH AB 2003-2026 | 2026-04-23 00:57:19 |