New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 662519 link

Starred by 3 users
Status: Archived
Owner: ----
Closed: Feb 2018
Cc:
krajshree@chromium.org
rch@chromium.org
b...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug



Sign in to add a comment

HTTP/2 connections are not coalesced when pointing to the same IP

Reported by fdewee...@fastly.com, Nov 4 2016 
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36

Example URL:
https://product.voxmedia.com/

Steps to reproduce the problem:
1. Open a tab to https://product.voxmedia.com/
2. Open a tab to chrome://net-internals/#http2
3. Observe the number of requests for the the connection to voxmedia.com and vox-cdn.com domains
4. Reload https://product.voxmedia.com/ (Ctrl+R)
5. Observe that the 'Initiated' counts for the connections to those domains have all increased.

What is the expected behavior?
Only two of the connections end up being used, and the others are left to timeout or are actively closed. 

What went wrong?
All connections opened are re-used, we effectively end up with 4 connections, 3 of them to the same IP, and the cert is valid for all domains. In the https://product.voxmedia.com case, I see the following connections:
- fonts.voxmedia.com:443 cdn0.vox-cdn.com:443
- cdn3.vox-cdn.com:443 
- product.voxmedia.com:443 auth.voxmedia.com:443
- providence.voxmedia.com:443 fonts.voxmedia.com:443	

All domains involved here resolve as follows:
$ for i in $(cat domains); do host -t a $i ; echo '======================'; done
fonts.voxmedia.com is an alias for prod.vox.map.fastly.net.
prod.vox.map.fastly.net is an alias for prod.vox.map.fastlylb.net.
prod.vox.map.fastlylb.net has address 151.101.40.124
======================
cdn0.vox-cdn.com is an alias for z.vox-cdn.com.
z.vox-cdn.com is an alias for prod.vox.map.fastly.net.
prod.vox.map.fastly.net has address 151.101.40.124
======================
cdn3.vox-cdn.com is an alias for z.vox-cdn.com.
z.vox-cdn.com is an alias for prod.vox.map.fastly.net.
prod.vox.map.fastly.net is an alias for prod.vox.map.fastlylb.net.
prod.vox.map.fastlylb.net has address 151.101.40.124
======================
product.voxmedia.com is an alias for z.voxmedia.com.
z.voxmedia.com is an alias for vox-chorus.map.fastly.net.
vox-chorus.map.fastly.net is an alias for prod.vox-chorus.map.fastlylb.net.
prod.vox-chorus.map.fastlylb.net has address 151.101.41.52
======================
auth.voxmedia.com is an alias for z.voxmedia.com.
z.voxmedia.com is an alias for vox-chorus.map.fastly.net.
vox-chorus.map.fastly.net is an alias for prod.vox-chorus.map.fastlylb.net.
prod.vox-chorus.map.fastlylb.net has address 151.101.41.52
======================
providence.voxmedia.com is an alias for o.voxmedia.com.
o.voxmedia.com is an alias for prod.vox.map.fastly.net.
prod.vox.map.fastly.net is an alias for prod.vox.map.fastlylb.net.
prod.vox.map.fastlylb.net has address 151.101.40.124
======================
fonts.voxmedia.com is an alias for prod.vox.map.fastly.net.
prod.vox.map.fastly.net is an alias for prod.vox.map.fastlylb.net.
prod.vox.map.fastlylb.net has address 151.101.40.124
======================

$ for i in $(cat domains); do echo "=========$i==========="; openssl s_client -connect $i:443 2>&1 | openssl x509 -text | grep -A3 'Subject Alternative Name'; done
=========fonts.voxmedia.com===========
            X509v3 Subject Alternative Name:
                DNS:*.voxmedia.com, DNS:*.americanninjawarriornation.com, DNS:*.meridian.net, DNS:*.recode.net, DNS:*.voxcreative.com, DNS:*.voxfieldguide.com, DNS:americanninjawarriornation.com, DNS:cdn.cstatic.net, DNS:curbed.com, DNS:*.curbed.com, DNS:eater.com, DNS:*.eater.com, DNS:meridian.net, DNS:polygon.com, DNS:*.polygon.com, DNS:racked.com, DNS:*.racked.com, DNS:recode.net, DNS:sbnation.com, DNS:*.sbnation.com, DNS:theverge.com, DNS:*.theverge.com, DNS:vox-cdn.com, DNS:*.vox-cdn.com, DNS:vox.com, DNS:*.vox.com, DNS:voxcreative.com, DNS:voxfieldguide.com, DNS:voxmedia.com
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
=========cdn0.vox-cdn.com===========
            X509v3 Subject Alternative Name:
                DNS:*.voxmedia.com, DNS:*.americanninjawarriornation.com, DNS:*.meridian.net, DNS:*.recode.net, DNS:*.voxcreative.com, DNS:*.voxfieldguide.com, DNS:americanninjawarriornation.com, DNS:cdn.cstatic.net, DNS:curbed.com, DNS:*.curbed.com, DNS:eater.com, DNS:*.eater.com, DNS:meridian.net, DNS:polygon.com, DNS:*.polygon.com, DNS:racked.com, DNS:*.racked.com, DNS:recode.net, DNS:sbnation.com, DNS:*.sbnation.com, DNS:theverge.com, DNS:*.theverge.com, DNS:vox-cdn.com, DNS:*.vox-cdn.com, DNS:vox.com, DNS:*.vox.com, DNS:voxcreative.com, DNS:voxfieldguide.com, DNS:voxmedia.com
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
=========cdn3.vox-cdn.com===========
            X509v3 Subject Alternative Name:
                DNS:*.voxmedia.com, DNS:*.americanninjawarriornation.com, DNS:*.meridian.net, DNS:*.recode.net, DNS:*.voxcreative.com, DNS:*.voxfieldguide.com, DNS:americanninjawarriornation.com, DNS:cdn.cstatic.net, DNS:curbed.com, DNS:*.curbed.com, DNS:eater.com, DNS:*.eater.com, DNS:meridian.net, DNS:polygon.com, DNS:*.polygon.com, DNS:racked.com, DNS:*.racked.com, DNS:recode.net, DNS:sbnation.com, DNS:*.sbnation.com, DNS:theverge.com, DNS:*.theverge.com, DNS:vox-cdn.com, DNS:*.vox-cdn.com, DNS:vox.com, DNS:*.vox.com, DNS:voxcreative.com, DNS:voxfieldguide.com, DNS:voxmedia.com
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
=========product.voxmedia.com===========
            X509v3 Subject Alternative Name:
                DNS:*.voxmedia.com, DNS:*.americanninjawarriornation.com, DNS:*.meridian.net, DNS:*.recode.net, DNS:*.voxcreative.com, DNS:*.voxfieldguide.com, DNS:americanninjawarriornation.com, DNS:cdn.cstatic.net, DNS:curbed.com, DNS:*.curbed.com, DNS:eater.com, DNS:*.eater.com, DNS:meridian.net, DNS:polygon.com, DNS:*.polygon.com, DNS:racked.com, DNS:*.racked.com, DNS:recode.net, DNS:sbnation.com, DNS:*.sbnation.com, DNS:theverge.com, DNS:*.theverge.com, DNS:vox-cdn.com, DNS:*.vox-cdn.com, DNS:vox.com, DNS:*.vox.com, DNS:voxcreative.com, DNS:voxfieldguide.com, DNS:voxmedia.com
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
=========auth.voxmedia.com===========
            X509v3 Subject Alternative Name:
                DNS:*.voxmedia.com, DNS:*.americanninjawarriornation.com, DNS:*.meridian.net, DNS:*.recode.net, DNS:*.voxcreative.com, DNS:*.voxfieldguide.com, DNS:americanninjawarriornation.com, DNS:cdn.cstatic.net, DNS:curbed.com, DNS:*.curbed.com, DNS:eater.com, DNS:*.eater.com, DNS:meridian.net, DNS:polygon.com, DNS:*.polygon.com, DNS:racked.com, DNS:*.racked.com, DNS:recode.net, DNS:sbnation.com, DNS:*.sbnation.com, DNS:theverge.com, DNS:*.theverge.com, DNS:vox-cdn.com, DNS:*.vox-cdn.com, DNS:vox.com, DNS:*.vox.com, DNS:voxcreative.com, DNS:voxfieldguide.com, DNS:voxmedia.com
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
=========providence.voxmedia.com===========
            X509v3 Subject Alternative Name:
                DNS:*.voxmedia.com, DNS:*.americanninjawarriornation.com, DNS:*.meridian.net, DNS:*.recode.net, DNS:*.voxcreative.com, DNS:*.voxfieldguide.com, DNS:americanninjawarriornation.com, DNS:cdn.cstatic.net, DNS:curbed.com, DNS:*.curbed.com, DNS:eater.com, DNS:*.eater.com, DNS:meridian.net, DNS:polygon.com, DNS:*.polygon.com, DNS:racked.com, DNS:*.racked.com, DNS:recode.net, DNS:sbnation.com, DNS:*.sbnation.com, DNS:theverge.com, DNS:*.theverge.com, DNS:vox-cdn.com, DNS:*.vox-cdn.com, DNS:vox.com, DNS:*.vox.com, DNS:voxcreative.com, DNS:voxfieldguide.com, DNS:voxmedia.com
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
=========fonts.voxmedia.com===========
            X509v3 Subject Alternative Name:
                DNS:*.voxmedia.com, DNS:*.americanninjawarriornation.com, DNS:*.meridian.net, DNS:*.recode.net, DNS:*.voxcreative.com, DNS:*.voxfieldguide.com, DNS:americanninjawarriornation.com, DNS:cdn.cstatic.net, DNS:curbed.com, DNS:*.curbed.com, DNS:eater.com, DNS:*.eater.com, DNS:meridian.net, DNS:polygon.com, DNS:*.polygon.com, DNS:racked.com, DNS:*.racked.com, DNS:recode.net, DNS:sbnation.com, DNS:*.sbnation.com, DNS:theverge.com, DNS:*.theverge.com, DNS:vox-cdn.com, DNS:*.vox-cdn.com, DNS:vox.com, DNS:*.vox.com, DNS:voxcreative.com, DNS:voxfieldguide.com, DNS:voxmedia.com
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication

Did this work before? N/A 

Chrome version: 54.0.2840.71  Channel: n/a
OS Version: OS X 10.11.6
Flash Version: Shockwave Flash 23.0 r0

Comment 1 by mmenke@chromium.org, Nov 4 2016

Cc: b...@chromium.org rch@chromium.org
Components: -Internals>Network Internals>Network>HTTP2
Updating labels, no idea if this is expected behavior or not.

Comment 2 by mohamada...@gmail.com, Nov 5 2016 

Stting

Comment 3 by krajshree@chromium.org, Nov 7 2016

Cc: krajshree@chromium.org
Labels: Needs-Feedback
Unable to reproduce the issue in MAC 10.11.16 by using chrome reported version #54.0.2840.71 and latest canary #56.0.2911.0.

Steps followed to reproduce the issue are as follows:
-----------
1. Opened a tab to https://product.voxmedia.com/
2. Opened a tab to chrome://net-internals/#http2
3. Observe the 'Initiated' counts for the the connection to voxmedia.com and vox-cdn.com domains
4. Reloaded https://product.voxmedia.com/ 
5. Observed that only two of the connections were being used as expected.

Attaching screenshots for reference

Reporter@ - Could you please verify the screenshots of HTTP/2 sessions before and after reload of voxmedia page and please let us know if anything missed from our side.

Thanks...!!
Initiated_count_before_reload.png
625 KB View Download
Initiated_count_after_reload.png
640 KB View Download

Comment 4 by fdewee...@fastly.com, Nov 7 2016 

@krajshree thanks for looking into this. I do believe that the screenshots you posted show the behavior I was trying to describe:

- id 1370, cdn.vox-cdn.com:443: 9 -> closed (correctly coalesced?)
- id 1934, cdn3.vox-cdn.com:443 : 5 -> 6
- id 1359 fonts.voxmedia.com:443, phonograph2.voxmedia.com:443: 4 -> 7
- id 1307 product.voxmedia.com:443, auth.voxmedia.com:443: 7 -> 13
- id 1726 fonts.voxmedia.com:443: 5 -> 5 (correctly coalesced?)
- id 1712 providence.voxmedia.com:443: 2 -> 4

My expectation is that we end up with only two active connections, rather than 4 in this example: one for product.voxmedia.com and auth.voxmedia.com and another for the rest.

Also, I want to clarify that this is not a correctness issue. It's a resource consumption issue: like in https://bugs.chromium.org/p/chromium/issues/detail?id=621597 Chrome could be using less resources than it's currently using.

Comment 5 by rdsmith@chromium.org, Nov 10 2016

Labels: -Needs-Feedback

Comment 6 by mmenke@chromium.org, Nov 11 2016 

Note that sockets for requests with credentials (Cookies, auth) are kept separate from those where they are not, so it's entirely possible you're seeing two different types of sockets.  This would result in, at most, twice as many H2 sessions as you'd expect.

Comment 7 by ajha@chromium.org, Jan 11 2017

Labels: TE-NeedsTriageHelp
fdeweerdt@: Could you please review the comment 6 and update the thread.
Project Member

Comment 8 by sheriffbot@chromium.org, Feb 13 2018

Status: Archived (was: Unconfirmed)
Issue has not been modified or commented on in the last 365 days, please re-open or file a new bug if this is still an issue.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment