Cloudflare has implemented a module for HTTP/3 support in NGINX

Cloudflare has prepared a module that provides HTTP/3 protocol support in NGINX. The module is designed as an add-on over quiche, the library developed by Cloudflare that implements the QUIC transport protocol and HTTP/3. The quiche code is written in Rust, but the NGINX module itself is written in C and accesses the library through dynamic linking. The work is open under the BSD license.

To build it, download the patch for nginx 1.16 and the quiche library code, then rebuild nginx with the options "--with-http_v3_module --with-quiche=../quiche". When building, TLS support must be based on the BoringSSL library ("--with-openssl=../quiche/deps/boringssl"); the use of OpenSSL is not yet supported. To accept connections, add the "quic" flag to the listen directive in the settings (for example, "listen 443 quic reuseport").
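One way to check a finished build and configuration against the requirements above (an added example, not code from the original article or from Cloudflare). The function names `missing_build_flags` and `quic_listeners` are hypothetical and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: function names and sample inputs are constructed for illustration.

# Print each HTTP/3 build requirement missing from `nginx -V` text ($1).
missing_build_flags() (
    set -f                                  # no glob expansion while splitting
    v3=0; quiche=0; tls=0
    for word in $1; do
        case $word in
            --with-http_v3_module)      v3=1 ;;
            --with-quiche=?*)           quiche=1 ;;
            --with-openssl=*boringssl*) tls=1 ;;   # TLS must come from BoringSSL
        esac
    done
    [ "$v3" = 1 ]     || echo '--with-http_v3_module'
    [ "$quiche" = 1 ] || echo '--with-quiche=<path>'
    [ "$tls" = 1 ]    || echo '--with-openssl=<BoringSSL path>'
)

# Print every active listen directive in config text ($1) that carries the quic flag.
quic_listeners() {
    printf '%s\n' "$1" | sed -e 's/#.*//' | while read -r first rest; do
        [ "$first" = listen ] || continue
        case " ${rest%;} " in
            *" quic "*) printf 'listen %s\n' "${rest%;}" ;;
        esac
    done
}

# Constructed samples; on a real host use: nginx -V 2>&1 and the server config file.
sample_v='configure arguments: --with-http_v3_module --with-openssl=../quiche/deps/boringssl --with-quiche=../quiche'
sample_conf='server {
    listen 443 ssl http2;        # TCP listener for HTTP/1.1 and HTTP/2
    listen 443 quic reuseport;   # UDP listener for HTTP/3
    # listen 8443 quic;          # commented out, must be ignored
}'

echo "Missing build requirements: $(missing_build_flags "$sample_v" | tr '\n' ' ')"
echo "QUIC (UDP) listeners:"
quic_listeners "$sample_conf"
```

Each listener reported here is a UDP socket, so firewall rules and monitoring that cover only TCP port 443 will not see its traffic.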

On the client side, HTTP/3 support has already been added to experimental builds of Chrome Canary and to the curl utility. On the server side, until now it was necessary to use separate, limited test implementations. The ability to handle HTTP/3 in nginx will simplify the deployment of servers with HTTP/3 support and make test deployments of the new protocol more accessible. Standard HTTP/3 support in nginx is expected in the 1.17.x branch within 6-12 months.

Recall that HTTP/3 standardizes the use of the QUIC protocol as a transport for HTTP/2. The QUIC protocol (Quick UDP Internet Connections) has been developed by Google since 2013 as an alternative to the TCP + TLS combination for the Web, solving the problems of long connection setup and negotiation times in TCP and eliminating delays when packets are lost during data transfer. QUIC is an extension of the UDP protocol that supports multiplexing of multiple connections and provides encryption methods equivalent to TLS/SSL.

Key features of QUIC:

  • High security similar to TLS (in essence, QUIC provides the ability to use TLS over UDP);
  • Stream integrity control, preventing packet loss;
  • The ability to establish a connection instantly (0-RTT; in about 75% of cases data can be sent immediately after the connection setup packet is sent) and to provide minimal delay between sending a request and receiving a response (RTT, Round Trip Time);
  • Not using the same sequence number when retransmitting a packet, which avoids ambiguity in identifying received packets and gets rid of timeouts;
  • Packet loss affects only the delivery of the stream associated with it and does not stop the delivery of data in parallel streams carried over the current connection;
  • Error-correction features that minimize delays caused by retransmission of lost packets. Special packet-level error-correction codes are used to reduce the situations that require retransmitting the data of a lost packet;
  • Cryptographic block boundaries are aligned with QUIC packet boundaries, which reduces the impact of packet loss on decoding the contents of subsequent packets;
  • No problems with TCP head-of-line blocking;
  • Support for a connection identifier, which reduces the time it takes to re-establish a connection for mobile clients;
  • The ability to plug in advanced connection congestion control mechanisms;
  • Uses bandwidth prediction techniques for each direction to ensure that packets are sent at optimal rates, preventing congestion and the packet loss it causes;
  • A noticeable increase in performance and throughput compared to TCP. For video services such as YouTube, QUIC has been shown to reduce rebuffering when watching videos by 30%.

Source: opennet.ru
