Closed Bug 1710199 Opened 3 years ago Closed 3 years ago

HTTP/2 connection resue for subdomains on different apex domains that share the same IP and certificate

Categories

(Core :: Networking: HTTP, enhancement)

Product:
Core
Component:
Networking: HTTP
Version:
Firefox 88
Type:
enhancement

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1420777

People

(Reporter: kaiwmse, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36

Steps to reproduce:

  1. Open about:networking#sockets
  2. Access a random page on Wikipedia, e.g. https://en.wikipedia.org/wiki/Main_Page
  3. Click the link to some other projects maintained by the Wikimedia Foundation that use domains other than wikipedia.org, e.g. https://en.wikisource.org/wiki/Main_Page or https://en.wikibooks.org/wiki/Main_Page
  4. Go back to about:networking#sockets and check the number of sockets with the text frontend server IP of Wikimedia.
    They direct users to different datacenter IPs using GeoDNS, and each DC has a single IP for all projects hosted by them. https://wikitech.wikimedia.org/wiki/Wikimedia_infrastructure

Actual results:

Two sockets to 208.80.153.224 was established. It can also be confirmed in Wireshark by checking the SNI field in TLS Client Hello, that the first connection has "en.wikipedia.org", and the second one has the domain of another project, say "en.wikisource.org"

Expected results:

The second request to en.wikisource.org can reuse the TCP connection to "en.wikipedia.org". Such behavior does not appear to violate seection 9.1.1 "Connection Reuse" of RFC 7540:

A connection can be reused as long as the origin server is authoritative (Section 10.1). For TCP connections without TLS, this depends on the host having resolved to the same IP address.
[...]
For "https" resources, connection reuse additionally depends on having a certificate that is valid for the host in the URI.

It might be worth mentioning that chromium currently does reuse (or should it be called "coalesce"?) connections in this case. Their netlog call this event HTTP2_SESSION_POOL_FOUND_EXISTING_SESSION_FROM_IP_POOL, and is mentioned in a document.

Implementing this will reduce the latency users face when accessing related information on other domains while reading an Wikipedia article, and potentially more cases. This issue might get considered together with bug 1420777, where discussion about HTTP/2 connection coalescing is taking place.

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.