Awesome article. I feel like the most game changing part of chrome is that Google turned it into a web app, that is it is always up to date and you never have to install anything (compared to the mess that is IE 7-10). Everyone gets the next network improvements / security fixes. It is so simple and mind boggling at the same time. I know this isn't the main point of the article, but dealing with microsoft stuff recently really hammers this point home.
Chrome only needs WinXP SP2, while still supporting Mac and Linux.
This is a big deal at least with my customers. It's just silly that Chrome has broader Windows support than IE. IE should not be so dependent on the base OS.
I am sure IE10 support will be better but MS is burdened by their decision to limit IE9+ to windows 7 and newer. I read through the MS article on their new automatic upgrade policy and it seems mostly focused on security (for good reason).
What is clear is that the chrome development organization is built to release all the time in perpetuity (just like web, mobile development). Not sure this is true for MS.
Basically, if there are multiple IP's behind a hostname, connect a non-blocking socket to each, then do a select/poll/epoll/kqueue on all of them. Then, once at least one returns, immediately close the rest and use the newly established connection.
This has three nice side-effects. First, if one of the hosts is down, it will never be selected, unlike now when there is a 1 in N chance that you'll be stuck waiting for a very long time. Second, you don't need to explicitly check whether the IPv4 vs IPv6 stacks are operational. A connection that is returned to you is the one that works, regardless of the underlying protocol. Third, this provides crude load balancing. Presumably the host that connected the fastest is also the fastest to process your request. The my blog post for some numbers.
Yup! In fact, I didn't cover it in the writeup, but Chrome and other browsers already do this kind of thing on multiple layers: IPv4 and IPv6 (see Happy Eyeballs), plus to recover from lost SYN's.
Interesting. One of the apps I run is split between two servers. When I was bringing everything up, if one of the severs was down there was always a 50% chance of about a 40 second blank screen before the other server was picked up. If the server that was chosen was in the DNS cache, there was a 100% chance of blank screen. Admittedly, this was about 2 years ago, so things might have changed, but the reliability properties didn't seem to be there at the time.
We've considered this before, and the performance gains do not appear worthwhile (we've run much more extensive tests than you have on top websites to evaluate potential gains), it has extra complexity, it is more of a Hampering Eyeballs approach rather than a Happy Eyeballs approach, it has potential web compat issues (many sites will not expect you to connect to the IPs other than the first), etc etc.
Sorry, but I can't tell from your profile who "we" is. Are any of your results public? Also, what do you mean by "many websites will not expect you to connect to the IPs other than the first"? My OS's DNS resolver randomizes the A/AAAA records I get on every resolution. The website operator cannot control which IP I will connect to. If you mean that websites don't expect two simultaneous connections, then I would be curious how two different servers would coordinate the fact that each got a TCP connection from the same IP at any scale. How does that interact with NAT? For example I believe some IBM campuses are behind giant NAT's with a single IP address per building or some such. Which websites get confused by this?
Sorry, I'm a Chromium dev, and in particular I'm the net maintainer who authored the majority of the current connection management code you are discussing. Our results are not public. The web compat concerns are with more exotic, enterprise configurations, not public ones. They are not the most compelling concerns though.
Ilya has never disappointed me with any of his articles. They are always top notch, and this one is no exception. As a Chrome user, seeing how things work behind the scenes (and why) is fascinating!
After processing the full article, I'm completely amazed at all the extreme lengths Chrome goes employs to speed page loading. From the networking stack, with it's abundance of optimisations and resource reuse, to the massive (and slightly scary) intelligence of the predictions stack, it all combines to make one heck of a browser!
Even if Chrome had only 10% of its current features, I appreciate the fact that it provided competition into the browser market and spurred innovation by _everyone_. The benefit to the internet community as a whole is tremendous.
Interesting note that the network stack is implemented "as a mostly single-threaded (there are separate cache and proxy threads), cross-platform library."
I wonder if someone could extract that lib into its own project. It would be great to have a version of AFNetworking or Python's requests library built on top of this -- in order to take advantage of the advanced socket reuse and late binding stuff that he describes in the article.
But that's all without really looking at the code. Maybe there's just too much Chrome-specific stuff there.
Great article. Chrome is an amazing piece of software.
Talking about web browsers, I can't wait for the next big step. Mozilla and Google are already moving ahead: When web browsers become the whole OS. With web apps becoming fully capable, and with native apps increasingly network integrated, the distinction is becoming meaningless.
In that vision of web browsers as OSs, there is a big limitation. More than some still incomplete APIs, or a few ones still missing, the problem is the whole development story. Web development is still a chaos. The web platform, is a soup with far too many ingredients. Why we still have to develop application's UIs, using a document markup engine?.
The web is rich. There are all kinds of resources. It is non-sense to express all of these resources, with a single development paradigm: html-css-javascript. Native development, is more flexible. There is the possibility of choosing the right tool for the job. I hope that one day not so far away, browsers will gain similar capabilities. Support for multiple separated, specialized development environments.
I think the necessary reworking is going to happen, but it will take a few cycles through the "Wheel of Reincarnation" to make it fully realized - with the rendering example, we now have Canvas and WebGL; instead of relying on the browser, you can create something completely customized, with the downside being that many of the supporting features of the document-renderer paradigm are lost. But it's the right technology for certain kinds of applications, and others can be rebuilt on top of that, and eventually you'll get frameworks, and so on.
At each step, not everyone will be 100% happy with how things are organized, but enough of it will work that it expands the frontier of what kinds of software can be built on the web. We've been through this before - the web has worked because its paradigms keep getting stretched beyond expectations.
IIRC, there are issues with leaking URLs just as with OCSP lookups. So it's more privacy related than security. I was in a hurry when I typed that earlier. But if you think about it, there's still a chance of sending company internal URLs to a third party which given enough data would start to build up a view of the intranet. We have no idea if google then feeds this into their crawler to get more of the hidden web and if there is a misconfiguration elsewhere would then cause results to be publicly visible. See posts about visible printers etc. in the last couple of days.
I coded that demo, it is not the Chrome Socket API that is the problem, it is that I don't error properly in the code and it blocks the port like any socket server would.
I am wondering about the kernel piece. Does Chrome on Windows have any code that is loaded in the kernel? I'd be quite surprised if they did. Any Chrome expert know?
I don't believe he actually means the OS Kernel. It's a userspace "kernel" in that it coordinates the traffic and behavior for all of the subprocesses.
