Received: by 10.224.219.144 with SMTP id hu16mr9422796qab.1.1351711698747; Wed, 31 Oct 2012 12:28:18 -0700 (PDT) X-BeenThere: spdy-dev@googlegroups.com Received: by 10.224.195.196 with SMTP id ed4ls3559752qab.0.gmail; Wed, 31 Oct 2012 12:28:18 -0700 (PDT) Received: by 10.224.193.72 with SMTP id dt8mr19555305qab.7.1351711697995; Wed, 31 Oct 2012 12:28:17 -0700 (PDT) Received: by 10.224.193.72 with SMTP id dt8mr19555304qab.7.1351711697978; Wed, 31 Oct 2012 12:28:17 -0700 (PDT) Return-Path: Received: from mail-qc0-f170.google.com (mail-qc0-f170.google.com [209.85.216.170]) by gmr-mx.google.com with ESMTPS id ba11si1059534qcb.2.2012.10.31.12.28.17 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 31 Oct 2012 12:28:17 -0700 (PDT) Received-SPF: pass (google.com: domain of willc...@google.com designates 209.85.216.170 as permitted sender) client-ip=209.85.216.170; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of willc...@google.com designates 209.85.216.170 as permitted sender) smtp.mail=willc...@google.com; dkim=pass header...@google.com Received: by mail-qc0-f170.google.com with SMTP id d42so1142824qca.15 for ; Wed, 31 Oct 2012 12:28:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :x-system-of-record; bh=NfxqXBiaUxd/eYbDTn5z46xHEe5TvNTKiR9tGcOXd40=; b=jn/PXEi1UspSxAJhypli9dirqbRuOWIB7iiJag7QZKNmcV2pWAbecoQxWuTnW+pXCy YL9syek6ZNrne9NEb/MHI0p1CDGf167pqFXe5UkAD7Rwf9FXYatFrUfgeml61S9YK/3N 0mSemivHPALyJXfcZnrkuaNRRVCwkRQavdqdxH2ImGHz0YCsI4bB0TG7B8ND7Vt0s5uY StG2fYKDOe/Q3NG0A0bDNhW8Kl3fXY83JQ/3RHGN0xbJwSXvEt7Pq0fkUN34xwB5DGW1 MLjaWHfY1641RYuuWJQPOh1gAJn/lchjMe1h5xF1ElK/MCuieNzuXl9WLL4gehkZFOVd SXVA== d=google.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :x-system-of-record:x-gm-message-state; bh=NfxqXBiaUxd/eYbDTn5z46xHEe5TvNTKiR9tGcOXd40=; b=mVGQzz7UruRv/tYXKPI51S3z0RZrzW8/osmccMz9c+OEWPT9LzxgMEQwmELUGib1uQ P6e82N0H1MV4OJo/BhtS3mqScup121pHo18etFqo/QrWR3N40pXEduadXlVN5vFAQ/uB M4w7zTEle8T8qgSaQFGuq+F3LGbS0zoTmUAtxO7rWEt+wpkxOLdg3iJTriKeGTF7JWM9 Od520lxEyk3HrZPsjNFYt/42rlV4S73aqQlsgvyhTFs3cSWpLfKvliju0g6Ucat62KGn j8SuwvbAjCWPQAEM80w1eAew5CzkASE2+AfAFuY85RAQ+KkySvCTo32jSEZC3wFt3JP7 IaAA== MIME-Version: 1.0 Received: by 10.49.104.65 with SMTP id gc1mr30578347qeb.22.1351711697785; Wed, 31 Oct 2012 12:28:17 -0700 (PDT) Sender: willc...@google.com Received: by 10.229.195.65 with HTTP; Wed, 31 Oct 2012 12:28:17 -0700 (PDT) In-Reply-To: References: <769472f7-e152-47db-b867-675f9e532e08@googlegroups.com> Date: Wed, 31 Oct 2012 12:28:17 -0700 Message-ID: Subject: Re: [spdy-dev] HAProxy supports NPN, which makes for an awesome SPDY deployment From: =?UTF-8?B?V2lsbGlhbSBDaGFuICjpmYjmmbrmmIwp?= To: "spdy-dev@googlegroups.com" Content-Type: multipart/alternative; boundary=047d7b5dbd9495d51804cd5fe71a X-System-Of-Record: true X-Gm-Message-State: ALoCoQmBf9uF+v0nuJMNrPbqAd5WUbEpXCK6T0QsrhyOB15NEESLXvO59v3XRZmoebnuByGrO05ooWQT8SkNznRszb9Ni/m9IAuYt+ZMzSgt0iXhw2NifQ9XELMBBx0p5fULLFd2XnR6wTEfaEyiKIl5RYf8tX5b+Fs8Qsl1nHMbVAnwsXWVmZWyKnIPvmyRYjnXKhGuUIKCjdSQkEp+chTKoaHu87aUow== --047d7b5dbd9495d51804cd5fe71a Content-Type: text/plain; charset=ISO-8859-1 I don't believe that's true, or Facebook is doing it wrong, or I'm misremembering the False Start heuristic, but IIRC, False Start will not trigger in Chromium unless you advertise NPN *and* a forward secure cipher suite. I think they're just experimenting with their SPDY support. On Wed, Oct 31, 2012 at 11:34 AM, Patrick McManus wrote: > nice. > > also, now that google has made npn the defacto signal for false start, > this can give false start bonuses to folks not even running spdy but using > haproxy. It appears that is what facebook is doing right now (not spdy > ready yet, but they're running npn). > > > > On Wed, Oct 31, 2012 at 2:31 PM, Ilya Grigorik wrote: > >> Specifically, all of the NPN negotiation can be done at HAProxy, and the >> raw SPDY frames flow directly to the SPDY servers. >> >> Full config, with examples on how to route HTTP, HTTPS, and SPDY from the >> same proxy instance: >> >> http://www.igvita.com/2012/10/31/simple-spdy-and-npn-negotiation-with-haproxy/ >> >> I didn't cover this in the post, but you can also combine the above with >> SNI rules, client key verification, and tons of other awesome. >> >> ig >> > > --047d7b5dbd9495d51804cd5fe71a Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable I don't believe that's true, or Facebook is doing it wrong, or I= 9;m misremembering the False Start heuristic, but IIRC, False Start will no= t trigger in Chromium unless you advertise NPN *and* a forward=A0secure cipher suite. I th= ink they're just experimenting with their SPDY support.


On Wed, Oct 3= 1, 2012 at 11:34 AM, Patrick McManus <mcma...@ducksong.com> wrote:
nice.

also, now that google has made = npn the defacto signal for false start, this can give false start bonuses t= o folks not even running spdy but using haproxy. It appears that is what fa= cebook is doing right now (not spdy ready yet, but they're running npn)= .



On Wed, Oct 3= 1, 2012 at 2:31 PM, Ilya Grigorik <igrigo...@gmail.com> wr= ote:
Specifically, all of the NPN negotiation can= be done at HAProxy, and the raw SPDY frames flow directly to the SPDY serv= ers.

Full config, with examples on how to route HTTP, HTTPS, and = SPDY from the same proxy instance:

I didn't cover this in the post, but you can = also combine the above with SNI rules, client key verification, and tons of= other awesome.

ig


--047d7b5dbd9495d51804cd5fe71a--