HTTP/2 connection reuse for subdomains on different apex domains that share the same IP and certificate
(Core :: Networking: HTTP, enhancement)
(Reporter: kaiwmse, Unassigned)
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
Steps to reproduce:
- Open about:networking#sockets
- Access a random page on Wikipedia, e.g. https://en.wikipedia.org/wiki/Main_Page
- Click the link to some other projects maintained by the Wikimedia Foundation that use domains other than wikipedia.org, e.g. https://en.wikisource.org/wiki/Main_Page or https://en.wikibooks.org/wiki/Main_Page
- Go back to about:networking#sockets and check the number of sockets with the text frontend server IP of Wikimedia.
They direct users to different datacenter IPs using GeoDNS, and each DC has a single IP for all projects hosted by them. https://wikitech.wikimedia.org/wiki/Wikimedia_infrastructure
Two sockets to 18.104.22.168 were established. It can also be confirmed in Wireshark by checking the SNI field in the TLS Client Hello that the first connection has "en.wikipedia.org", and the second one has the domain of another project, say "en.wikisource.org".
The second request to en.wikisource.org can reuse the TCP connection to "en.wikipedia.org". Such behavior does not appear to violate section 9.1.1 "Connection Reuse" of RFC 7540:
A connection can be reused as long as the origin server is authoritative (Section 10.1). For TCP connections without TLS, this depends on the host having resolved to the same IP address.
For "https" resources, connection reuse additionally depends on having a certificate that is valid for the host in the URI.
It might be worth mentioning that Chromium currently does reuse (or should it be called "coalesce"?) connections in this case. Their netlog calls this event HTTP2_SESSION_POOL_FOUND_EXISTING_SESSION_FROM_IP_POOL, and it is mentioned in a document.
Implementing this will reduce the latency users face when accessing related information on other domains while reading a Wikipedia article, and potentially more cases. This issue might get considered together with bug 1420777, where discussion about HTTP/2 connection coalescing is taking place.
2 years ago
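The two conditions quoted from RFC 7540 section 9.1.1 in the report above, written out as a check a client could apply before sending a request for a new host over an existing connection. This is an added example, not code from the report, Firefox or Chromium; `Http2Connection`, `can_coalesce`, `san_matches`, the documentation-range addresses and the SAN list are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address


def san_matches(pattern: str, host: str) -> bool:
    """Match one dNSName SAN against a host name.

    A wildcard counts only as the whole left-most label and covers one label.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Assumption: reject wildcards directly under a single label ("*.org").
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


@dataclass(frozen=True)
class Http2Connection:
    sni_host: str      # name sent in the TLS ClientHello SNI field
    peer_ip: str       # address the socket is connected to
    cert_sans: tuple   # dNSName entries of the certificate the server presented


def can_coalesce(conn, new_host, resolved_ips, scheme="https"):
    """Apply the two RFC 7540 section 9.1.1 conditions; return (allowed, reason)."""
    if ip_address(conn.peer_ip) not in {ip_address(a) for a in resolved_ips}:
        return False, f"{new_host} does not resolve to {conn.peer_ip}"
    if scheme == "https" and not any(san_matches(s, new_host) for s in conn.cert_sans):
        return False, f"certificate is not valid for {new_host}"
    return True, f"reuse the connection opened for {conn.sni_host}"


# Constructed sample: documentation-range addresses and a made-up SAN list.
CONN = Http2Connection(
    sni_host="en.wikipedia.org",
    peer_ip="198.51.100.7",
    cert_sans=("*.wikipedia.org", "wikipedia.org", "*.wikisource.org"),
)

if __name__ == "__main__":
    for host, ips in [
        ("en.wikisource.org", ["198.51.100.7"]),  # same IP, SAN covers it
        ("en.wikisource.org", ["203.0.113.9"]),   # SAN covers it, other IP
        ("en.wikibooks.org", ["198.51.100.7"]),   # same IP, no matching SAN
    ]:
        print(host, ips, can_coalesce(CONN, host, ips))
```

Neither condition is sufficient alone: a shared IP without a matching certificate name, or a matching name on a different IP, both fall back to a new connection.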